Clicking back button after login to callback link throws invalid token state does not match

Won · February 12, 2019, 7:57am

After successful login, callback url gets called and redirects to http://localhost:3000/dashboard

Now I click back button on my chrome browser, browser tries to go to http://localhost:3000/callback#access_token=.....&expires_in=...&state=… etc.

At this point, my handleAuthentication function gets called:

handleAuthentication = myhas => {
  this.auth0.parseHash((err, authResult) => {
    if (authResult && authResult.accessToken && authResult.idToken) {
      this.setSession(authResult);
      this.history.push("dashboard");
    } else if (err) {
      this.history.push("/");
      alert(`Error: ${err.error}. Check the console for further details.`);
      console.log(err);
    }
  });
};

Issue is that this.auth0.parseHash always errors out with:

{error: “invalid_token”, errorDescription: “state does not match”}

How are you guys handling user pressing back button after successful login, which triggers callback url again?

James.Morrison · February 12, 2019, 2:14pm

Hi there @Won, I’d be happy to take a look at what may be going on here. When you get a chance can you snag a HAR file of the current workflow when the error presents itself along with your tenant name and DM them over to me so I can take a deeper look at what may be occurring? Please let me know if you have any questions. Thanks!

Won · February 12, 2019, 8:38pm

Thank you. Please note that when you click on back on browser, it does not make a request over the network. Change in url gets caught by react router and runs Callback component.

here is screenshot to clarify: https://drive.google.com/open?id=1cSPZ-_vHUaFH607aVUSRsssWuvh7z8RG

Thanks again.

James.Morrison · February 26, 2019, 8:36pm

After talking with support I was able to confirm that the auth flow from this state has already been consumed as intended. It is not within the standard workflow for the end user to click the back button and it to perform like nothing occurred. Because of this we don’t have a workaround for this situation. Please let me know if you have any additional questions on this matter.

James.Morrison · March 13, 2019, 12:36am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
State does not match error coming back first time login Help	3	2786	December 5, 2019
Invalid_token; `state` does not match Help auth0 , auth0js , login , access-token , state	11	12770	December 15, 2022
Laravel 5.8 Integration Invalid State on callback Help jwt , auth0 , login	5	3561	July 30, 2019
Invalid Token with request to ssodata Help sso , invalid_token	2	3691	August 6, 2019
Invalid token, state does not match Help	37	20072	February 1, 2019

Clicking back button after login to callback link throws invalid token state does not match

Related Topics