Indeed, I contacted support in the meantime and the conclusion is that we need to generate the state server side and store it, (in a cookie for example) to be able to use it later in /callback, then communicate the value to the front end and use when calling Auth0.js’s login method.
1 Like