This problem is only happening in environments with multiple instances behind the loadbalancer. We are using AWS ElasticBeanstalk, and everything works fine when there is a single instance behind the loadbalancer. But when the loadbalancer has multiple instances, we get this “too many redirects” issue. It is bouncing between the application callback url and the authorize endpoint of auth0 domain. Each request to the callback url has a state url parameter in the query string, which changes for each subsequent request.
I found this issue (which may be related), but none of the errors mention ssl/https.
I’m considering a solution that uses a database state manager, where I store and validate the state in redis. I would create a new StateHandler class, which I believe is the current problem. The SessionStateHandler is what currently seems to be the problem. Any tips on going about this?
UPDATE
I was able to get it working by creating a RedisStateHandler! I’ve created a pull request with the php sdk
here.