Auth0 Home Blog Docs

Check state parameter when mfa is enabled


#1

Hi,

We implemented state parameter check as the doc says: https://auth0.com/docs/protocols/oauth2/oauth-state, but later we turned on the google mfa (via rules) and the state check stopped working. Every time when user has redirected to the mfa screen, the state parameter is changing, and of course the state check will be failed.

How we check the state parameter during login+mfa process properly?