Hi All,
I am unsure where to post this, so if this needs to be moved, please let me know.
I have an issue with embedded login (using lock js) once it has redirected the user(to the specified redirect url).
I have implemented a test auth0 login using the PHP SDK which works ok, see below:
I call SDK Auth0->login(), and it redirects to the auth0 login page, type in the email & password, and it redirects back off to my site:
blp-magento24.test/sso/auth0/loggedin?code=hYlpPfC-HCGEGflg&state=048160be8993a3176c80ff5d0a99d47e
On this page, I make:
$auth0 = new Auth0([
‘domain’ => $this->getAppDomain(),
‘client_id’ => $this->getAppClientId(),
‘client_secret’ => $this->getAppClientSecret(),
‘redirect_uri’ => $this->getAppRedirectUri(),
‘scope’ => $this->getAppScope(),
]);
And then getUser() from this.
And as part of the exchange: $this->transientHandler->verify(self::TRANSIENT_STATE_KEY, $state) this passes.
However, using the embed login (via lock js) I can see the user is logged in correctly in auth0 logs, and it gets redirected back to the correct place:
https://blp-magento24.test/sso/auth0/loggedin?code=8jtAHH_8GjfeN183&state=etXTBFMK80AlZN5FJyM5ey4R7o6uRbNv
However, I get the error “invalid state” and $this->transientHandler->verify(self::TRANSIENT_STATE_KEY, $state) this fails. As in verify $this->getOnce($key) returns NULL.
If there is anything else I can provide, please let me know.
Thanks,