Hosted Pages + Custom UI throws invalid_token 'state' does not match Error

miguel.zumbado · February 17, 2018, 12:33pm

I’m using a Hosted Login Page with Custom UI, this means NO lock
My Client is an Angular 1.6 SPA with the angular-auth0 component
in auth.service.js I have
function authService($state, angularAuth0, $timeout, $cookies, $window) {

    function login() {
      angularAuth0.authorize();
    }

the login.controller.js
function LoginController(authService) {

    var vm = this;
    vm.auth = authService;

  }

and the view is a PUG(Jade) file
a.btn.btn-primary(
ng-click=“$ctrl.auth.login()”
aria-label=“Sign In”)
| Sign In

then the callback.js
function callbackController(angularAuth0, $timeout, $state) {
angularAuth0.parseHash(function(err, authResult) {
if (authResult && authResult.accessToken && authResult.idToken) {
_setSession(authResult);
$state.go(‘projects.list’, { location: ‘replace’ });
} else if (err) {
$timeout(function() {
$state.go(‘auth.login’);
});
console.log(err);
}
});

my app.config.js is
angularAuth0Provider.init({
clientID: authClientID,
domain: authDomain,
responseType: ‘token id_token’,
audience: ‘https://dev-valid8.auth0.com/userinfo’,
redirectUri: ‘http://localhost:9001/callback’,
scope: ‘openid’,
state: ‘xyzABC123’
});

How do I set/change the state?

ricardo.batista · February 19, 2018, 11:33pm

From the quickstart for angular, I see that the initialization for the angular-auth0 library does not use the state attribute. It should be done as:

angularAuth0Provider.init({
  clientID: '{CLIENT_ID}',
  domain: '{YOUR_AUTH0_DOMAIN}',
  responseType: 'token id_token',
  audience: 'https://{YOUR_AUTH0_DOMAIN}/userinfo',
  redirectUri: 'http://localhost:3000/callback',
  scope: 'openid'
});

You can see the Angular sample for more info here: auth0-angularjs-samples/app.js at master · auth0-samples/auth0-angularjs-samples · GitHub

miguel.zumbado · February 20, 2018, 12:40am

Actually that was my first approach NO state
but because I got the “invalid_token ‘state’ does not match Error” then I’m trying to set a state
So, If I don’t set the state I’m getting the same error…

konrad.sopala · August 27, 2019, 10:36am

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?