Hosted Pages + Custom UI throws invalid_token 'state' does not match Error

miguel.zumbado · February 17, 2018, 12:33pm

I’m using a Hosted Login Page with Custom UI, this means NO lock
My Client is an Angular 1.6 SPA with the angular-auth0 component
in auth.service.js I have
function authService($state, angularAuth0, $timeout, $cookies, $window) {

    function login() {
      angularAuth0.authorize();
    }

the login.controller.js
function LoginController(authService) {

    var vm = this;
    vm.auth = authService;

  }

and the view is a PUG(Jade) file
a.btn.btn-primary(
ng-click=“$ctrl.auth.login()”
aria-label=“Sign In”)
| Sign In

then the callback.js
function callbackController(angularAuth0, $timeout, $state) {
angularAuth0.parseHash(function(err, authResult) {
if (authResult && authResult.accessToken && authResult.idToken) {
_setSession(authResult);
$state.go(‘projects.list’, { location: ‘replace’ });
} else if (err) {
$timeout(function() {
$state.go(‘auth.login’);
});
console.log(err);
}
});

my app.config.js is
angularAuth0Provider.init({
clientID: authClientID,
domain: authDomain,
responseType: ‘token id_token’,
audience: ‘https://dev-valid8.auth0.com/userinfo’,
redirectUri: ‘http://localhost:9001/callback’,
scope: ‘openid’,
state: ‘xyzABC123’
});

How do I set/change the state?

ricardo.batista · February 19, 2018, 11:33pm

From the quickstart for angular, I see that the initialization for the angular-auth0 library does not use the state attribute. It should be done as:

angularAuth0Provider.init({
  clientID: '{CLIENT_ID}',
  domain: '{YOUR_AUTH0_DOMAIN}',
  responseType: 'token id_token',
  audience: 'https://{YOUR_AUTH0_DOMAIN}/userinfo',
  redirectUri: 'http://localhost:3000/callback',
  scope: 'openid'
});

You can see the Angular sample for more info here: auth0-angularjs-samples/app.js at master · auth0-samples/auth0-angularjs-samples · GitHub

miguel.zumbado · February 20, 2018, 12:40am

Actually that was my first approach NO state
but because I got the “invalid_token ‘state’ does not match Error” then I’m trying to set a state
So, If I don’t set the state I’m getting the same error…

konrad.sopala · August 27, 2019, 10:36am

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

Topic		Replies	Views
Invalid token, state does not match Help	37	20090	February 1, 2019
Log in error: "invalid token", description: "`state` does not match" Help log-in-error	6	7557	March 2, 2018
"webAuth.popup.authorize()" throwing "`state` does not match" error in callback - Angular SPA Help auth0js	8	6720	August 27, 2019
Auth0 state does not match Angular 7 Help auth0 , login	26	8225	April 23, 2019
Angular SPA Login error on manual refresh after callback core.js:5824 ERROR Error: Invalid state Help	2	4368	November 29, 2019

Hosted Pages + Custom UI throws invalid_token 'state' does not match Error

Related Topics