
Error: Invalid state

Hi,

We tried to migrate from auth0.js v9 to auth0-spa-js and are getting a weird error. The login comes back with code and status parameters, but handleRedirectCallback fails with this error:

POST https://xxx.auth0.com/oauth/token 401
TypeError: Cannot read property 'split' of undefined
    at jwt.ts:37
    at ee (jwt.ts:56)
    at oe._verifyIdToken (Auth0Client.ts:76)
    at oe.<anonymous> (Auth0Client.ts:253)
    at Generator.next (<anonymous>)
    at a (tslib.es6.js:68)

Here is the code for auth0-spa-js:

var webAuth = new auth0.WebAuth({
    domain: 'xxx.auth0.com',
    clientID: 'xxx',
    redirectUri: 'http://localhost:1313/login-status',
    audience: 'https://xxx.auth0.com/api/v2/',
    scope: 'read:current_user'
});

auth0.loginWithRedirect({});

return auth0.isAuthenticated()
.then(result => {
    // RESULT RETURNS FALSE
    const query = window.location.search;
    if (query.includes("code=") && query.includes("state=")) {
        // Process the login state
        return auth0.handleRedirectCallback();
    }
});

Only code and status are returned.

Here is the old code with auth0.js v9 sdk:

var auth0 = new auth0.WebAuth({
    domain: 'xxx.auth0.com',
    clientID: 'xxx',
    redirectUri: 'http://localhost:1313/login-status',
    audience: 'https://xxx.auth0.com/api/v2/',
    scope: 'read:current_user',
    responseType: 'token'
});

auth0.authorize({ });

The code with auth0.js v9 sdk works fine and returns access_token, token_type, state etc.

The question is how to get the same behavior with auth0-spa-js?

Hi @berlioz,

Welcome to the Auth0 Community Forum!

I am wondering if this is related to the added audience for the management api. If you look in the functionality that cannot be migrated section, it mentions that you cannot ‘get user with the management api.’ You could try and remove anything related to that and use the getUser method for getting a profile instead.

Here is the section about functionality:

Here is the section on getUser:

Thanks, we will then pass on using auth0-spa-js for now.
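
Added example, not part of the thread or of Auth0's own code: one way to order the redirect handling discussed above so that a callback load exchanges the code before anything starts a new login, and the profile is read with getUser as the reply suggests. `classifyCallback`, `completeLogin` and the `replaceUrl` hook are hypothetical names; `client` is assumed to be an auth0-spa-js client exposing the methods named in the thread.

```javascript
// Added example. `client` is any object exposing the auth0-spa-js methods
// named in the thread (isAuthenticated, handleRedirectCallback,
// loginWithRedirect, getUser); it is injected so the flow can be exercised
// offline with a stub.

// Decide what this page load represents from the redirect query string alone.
function classifyCallback(search) {
  const params = new URLSearchParams(search);
  // An OAuth error redirect carries `error` (and `state`) but no `code`.
  if (params.has("error")) {
    return { kind: "error", error: params.get("error"),
             description: params.get("error_description") || "" };
  }
  // A completed authorization-code redirect carries both parameters.
  if (params.has("code") && params.has("state")) return { kind: "callback" };
  return { kind: "plain" };
}

// Run the login flow once per page load. `replaceUrl` is a hypothetical hook
// (for example a history.replaceState wrapper) that strips code/state so a
// reload does not submit the same single-use code a second time.
async function completeLogin(client, search, replaceUrl) {
  const outcome = classifyCallback(search);
  if (outcome.kind === "error") {
    throw new Error(`login failed: ${outcome.error} ${outcome.description}`.trim());
  }
  if (outcome.kind === "callback") {
    // Exchange the code first; never start a new login on a callback load.
    await client.handleRedirectCallback();
    replaceUrl();
  } else if (!(await client.isAuthenticated())) {
    await client.loginWithRedirect({});
    return null; // the browser is navigating to the login page
  }
  // Read the profile with getUser rather than the Management API.
  return client.getUser();
}
```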