Error: Invalid state

berlioz · August 14, 2019, 9:29pm

Hi,

We tried to migrate from auth0.js v9 to auth0-spa-js and getting some weird error. The login comes back with code and status parameters but handleRedirectCallback fails with error:

POST https://xxx.auth0.com/oauth/token 401
TypeError: Cannot read property 'split' of undefined
    at jwt.ts:37
    at ee (jwt.ts:56)
    at oe._verifyIdToken (Auth0Client.ts:76)
    at oe.<anonymous> (Auth0Client.ts:253)
    at Generator.next (<anonymous>)
    at a (tslib.es6.js:68)

Here is the code for auth0-spa-js:

var webAuth = new auth0.WebAuth({
    domain:       'xxx.auth0.com',
    clientID:     'xxx',
    redirectUri: 'htt  p://localhost:1313/login-status',
    audience: 'htt  ps://xxx.auth0.com/api/v2/',
    scope: 'read:current_user'
});

auth0.loginWithRedirect({});

return auth0.isAuthenticated()
.then(result => {
   // RESULT RETURNS FALSE
    const query = window.location.search;
    if (query.includes("code=") && query.includes("state=")) {
        // Process the login state
        return auth0.handleRedirectCallback()
    }
})

only code and status are returned.

Here is the old code with auth0.js v9 sdk:

  var auth0= new auth0.WebAuth({
        domain:       'xxx.auth0.com',
        clientID:     'xxx',
        redirectUri: 'htt   p://localhost:1313/login-status',
        audience: 'htt   ps://xxx.auth0.com/api/v2/',
        scope: 'read:current_user',
        responseType: 'token'
    });

    auth0.authorize({ });

The code with auth0.js v9 sdk works fine and returns access_token, token_type, state etc.

The question is how to get the same behavior with auth0-spa-js?

dan.woda · August 16, 2019, 11:24pm

Hi @berlioz,

Welcome to the Auth0 Community Forum!

I am wondering if this is related to the added audience for the management api. If you look in the functionality that cannot be migrated section, it mentions that you cannot ‘get user with the management api.’ You could try and remove anything related to that and use the getUser method for getting a profile instead.

Here is the section about functionality:

Here is the section on getUser:

berlioz · August 16, 2019, 11:32pm

Thanks, we will then pass on using auth0-spa-js for now.

dan.woda · August 19, 2019, 4:16pm

Thanks for checking it out. Let us know if you have any more questions going forward.

Cheers,
Dan

dan.woda · September 2, 2019, 8:16pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
React Quickstart can't parse token in handleRedirectCallback Help login , quickstart , react , auth0-spa-js	6	10026	September 16, 2019
handleRedirectCallback failing with "Invalid State" error & empty response Help	1	2219	October 10, 2022
Invalid State after copying and pasting example code 2 Help classic-universal-login-experience , login-experience	0	534	October 4, 2023
Invalid state error after using Oauth with Auth0 React SPA Help oauth , spa , react , state	4	6306	December 17, 2020
Auth0Client.ts:285 Uncaught (in promise) Error: Invalid state Help	4	5174	March 28, 2020

Error: Invalid state

Related topics