BIG-IP APM OAuth Client: state parameters do not match

Question

Hi,I have BIG-IP APM installed , it is a simple Virtual Server with Access policy for OAuth Client/ Resouce server integrated with Okta. When I try to access a recource on the server it redirects me Okta and gets the access code but when connects to F5 APM again it Deny's the access and through following error.Common/XXXOktaAP:Common:541531e8:/Common/XXXOktaAP_act_oauth_client_ag: OAuth Client: 'state' parameters do not match (expected=5XYrM28-OiGYD4UOwPf40gA, received=5xyrm28-oigyd4uowpf40ga) for server '/Common/XXXOktaServer' (client_id=0oa5rwhe5nmDhoiK8697)It looks like iexpected vs received is just letters case sensitive, but I don't see this information anywhere in the communication request/response.When I serched up for in tech docs I found thisOAuth Client: state parameters do not matchThis is an internal APMD error; this error should not occur.What does this mean? any help would be appreciated.ThanksMadhava

madhava · Accepted Answer

Ok found the root cause,&nbsp; problem is on ourside side. This is not a Browser driven environment but an headless client make these calls and it is manipulating the OAuth response to convert into lower case causing this failure.&nbsp;Thanks

Forum Discussion

BIG-IP APM OAuth Client: state parameters do not match

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Automating Certificate Management on F5 BIG-IP

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

BIG-IP security hardening and compliance checks

Introducing the F5 AI Assistant for BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS