authResult returned by WebAuth.parseHash is undefined when custom state is used

My WebAuth configuration:

const config = {
  domain: "",
  clientID: "mysupersecretclientID",
  audience: "",
  redirectUri: "https://mydomain/handle-auth",
  responseType: "id_token token",
  scope: "openid profile email https://mydomain/roles read:current_user create:current_user_metadata update:current_user_metadata"
};
const auth = new auth0.WebAuth(config);

Following the webAuth.authorize() documentation, I should be able to add arbitrary data to the state option (in this case I want to pass the URL to which users should be redirected after login). As such, I’ve tried calling the authorize() endpoint as follows:

const opts = { ...config, state: { to: "/path/to/redirect/to/upon/login" } };

Theoretically, this should allow me to recover the values stored in state after the authorization process has completed. However, after successful login, auth0 redirects to https://mydomain/handle-auth and when I make a call to auth.parseHash, the value of authResult is undefined (note, my handler function wraps the parseHash() call in a Promise):

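function handleAuth() {
  return new Promise(
    function(resolve, reject) {
      auth.parseHash(function(err, authResult) {
        // Stop here on error instead of falling through to the success path
        if (err) { return reject(err); }
        console.log(authResult); // undefined!!!
        resolve(authResult);
      });
    }
  );
}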

However, if I leave the state option of the authorize() function untouched, then authResult is defined and contains the values the documentation indicates should be there, but then I seem to be losing the redirect URL that I originally wanted to store in the state option.

My best guess right now is that when you specify a custom state option, it somehow prevents auth0 from being able to parse the automatically generated nonce. I’ve confirmed that the nonce is still there (stored in a cookie fwiw) in addition to the other state properties that I added. Since it is not finding the nonce, it somehow fails to decode the tokens in the hash and therefore returns undefined from the parseHash() function.

Does this make sense? Am I missing something or doing something wrong?
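
One way to carry a post-login path through state as a single string and to validate it on return, as an added example that is not part of the original post and not Auth0's code. It assumes state is round-tripped unchanged as an opaque string and that the application stores the nonce it generated; the helper names (encodeState, decodeState, safeRedirectPath, resolveRedirect) are hypothetical.

```javascript
// Added example: helper names and all sample values are constructed.

// Pack a caller-supplied random nonce and the post-login path into ONE
// string, since `state` is treated here as an opaque string value.
function encodeState(nonce, to) {
  const json = JSON.stringify({ n: nonce, to: to });
  // base64url keeps the value intact inside a URL query or fragment
  return btoa(encodeURIComponent(json))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Reverse of encodeState; returns null for anything malformed.
function decodeState(state) {
  try {
    const b64 = state.replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    const obj = JSON.parse(decodeURIComponent(atob(padded)));
    return obj && typeof obj === "object" ? obj : null;
  } catch (e) {
    return null;
  }
}

// Accept only same-origin absolute paths, so a tampered state value
// cannot turn the login callback into an open redirect.
function safeRedirectPath(to, fallback) {
  if (typeof to !== "string") return fallback;
  // "//host" and "/\host" are treated by browsers as another origin
  if (!to.startsWith("/") || to.startsWith("//")) return fallback;
  if (/[\\\u0000-\u001f]/.test(to)) return fallback;
  return to;
}

// Callback side: the returned state must carry the nonce this browser
// stored before redirecting, otherwise the redirect target is ignored.
function resolveRedirect(returnedState, expectedNonce, fallback) {
  const decoded = decodeState(returnedState);
  if (!decoded || decoded.n !== expectedNonce) return fallback;
  return safeRedirectPath(decoded.to, fallback);
}
```

The nonce passed to encodeState should come from a cryptographically secure random source and be kept client-side (for example in sessionStorage) until the callback runs.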


Hey there!

Terribly sorry for such a delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes our bandwidth is just not enough for all the questions that are coming in. Sorry for the inconvenience!

Do you still require further assistance from us?