When a user is redirected back to the expected redirect_uri, they’re returned with state and code url parameters, but on refresh this causes issues, specifically a missing transaction: invalid state error. Is this expected behavior? The below is an example of the issue on the sample app found here.
The closest thing I’ve found to a solution to this issue feels like a monkey patch fix from another post here where they do something along the lines of html.window.history.pushState(null, 'home', '/'); (this is a Flutter translation from the original post answer) I’m hoping to find a more direct solution
Is there some additional set up I need to do on my tenant to enable this functionality: “This will log the user in without the login page displayed if the seamless SSO feature is enabled on the tenant.” - I do not see any settings similar to this in our tenant, from what I gathered, this is enabled by default for newer tenants, but is there a way for me to confirm that this is the case?
The 2nd work around, showing a pop up login, doesn’t seem like an ideal solution as the user just logged in and we’d be asking them to login for a second time almost immediately.
I don’t know if it’s worth mentioning, but when I remove “&state=…” from the url, the error does not show and the application renders as expected.