I’m using the auth0-angular library (v 1.11.1) in my Angular 14 application, and found a weird problem. If I navigate to a route in the application that contains the query parameters ‘state’ and ‘code’, auth0-angular will immediately redirect me to the error path (as defined by ‘errorPath’ when initializing auth0). Is this a bug or something security related I’m not aware of?
The reason I need a route with these query parameters is that I’m using a 3rd party SaaS that requires a callback route into my application with exactly these parameters.
Any explanation what might be causing this would be much appreciated.
Problem Statement - The angular web app is not redirected correctly if the URL contains the ‘state’ and ‘code’ query parameters.
I am using a third-party app that sends customers to my angular web application.
That third-party app URL contains the ‘state’ and ‘code’ query parameters.
We could not control the third-party application.
When the URL contains the ‘state’ and ‘code’ query parameters, the application is redirected to the error path.
If I remove the error path from the Auth0 configuration, the application is redirected to the path: ‘**’ which I have defined at the last in the app-routing-module.ts
If I remove the state query parameter from the URL, the application is redirected to the correct route.
I have the same issue. but mine is only if the ‘state’ parameter is present in the URL, ‘code’ seems to be ok for my redirect. But ‘state’ is causing problems. I don’t know why