Authentication with Username-Password connection fails with 403: Invalid State

I am able to create new users and authenticate existing users via social sign-in (e.g. Google mail)
While I am able to create new users with the Username-Password connection, I am unable to authenticate existing users. The login process fails with an error 403 and the message “invalid state.”
A copy of request and response data is pasted below.

Curiously when I test the connection in the Dashboard with “Try Connection” the appropriate user authentication data is returned and the callback URL is executed.

Haven’t been able to pin down exactly what “Invalid State” refers to.

In both cases described above I am using the default configuration for hosted pages for the Lock UI and as well as for the Custom UI. Lock v10 and/or Auth0 v8.

HTTP Response: { code: "access_denied", description: "Invalid state", name: "AnomalyDetected", statusCode: 403 }

HTTP Request: { client_id: "v072atWuRuvn1v1KFeJ8NF393UEMX58b", connection: "Username-Password-Authentication", password: "foobarbaz", redirect_uri: "http://localhost:3000/", response_type: "code", tenant: "altrdpdgm", username: "", _csrf: "deprecated" }

1 Like

I had this exact issue with auth0 and angular. My mistake was not giving my root app component a copy of auth service to handle the Authentication… you may be missing something similar?

export class AppComponent {
    constructor(public authService: AuthService) {

Thanks a lot for sharing your mistake with the rest of community!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.