I was able to notice that when the authentication flow ends in the /meetings
page, we are missing the _zm_bu
cookie, this is when loading https://vmware.zoom.us/saml/SSO
.
On the contrary when the flow ends on the redirectURI (the expected result), _zm_bu
cookie is present containing the right /authorized
endpoint with the redirectURI
extract:
{
"name": "_zm_bu",
"value": "https%3A%2F%2Fzoom.us%2Foauth%2Fauthorize%3Fclient_id%3DapBktPWPSCaawCXIBQHnaw%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fzoomboxerredirect.vmware.com%252F%26state%3DgEV8ROMUh9e0jh9dGC3yvw%26code_challenge%3D9h3F6xPpnmkR3olU_y7F73aM9cSwadSFoiYHV7HDmk0%26code_challenge_method%3DS256",
"path": "/",
"domain": ".zoom.us",
"expires": "1969-12-31T23:59:59.000Z",
"httpOnly": false,
"secure": true
},
I found this issue with the same cookie _zm_bu
, but I believe is the opposite case.
Could someone help me find out why if both flow (meeting redirect.har
and redirect_uri redirect.har
) have the same steps but they end on a different page.