Hi,
I’m getting intermittent Invalid state errors with my application. I’ve done a little debugging and it appears that when this happens the state cookie is not being set (and occasionally the nonce as well). I’ll provide some logs below:
{"routeName":"auth0-callback","routeParameters":[],"fullUrl":"https:\/\/***.***.com\/auth0\/callback?code=oRccO2ApABVZNJGQ&state=f69058dca36cbf364af63947ddc8bf9f","cookie":{"nonce":"974bb596aeff7491ea1f019ac0cdffdf","state":null},"get":{"code":"oRccO2ApABVZNJGQ","state":"f69058dca36cbf364af63947ddc8bf9f"},"request":{"code":"oRccO2ApABVZNJGQ","state":"f69058dca36cbf364af63947ddc8bf9f"}}
{"routeName":"auth0-callback","routeParameters":[],"fullUrl":"https:\/\/***.***.com\/auth0\/callback?code=Eue4KlgnV6sLK7PP&state=c6c056817d49ef9b1e48dbb313e60d49","cookie":{"nonce":null,"state":null},"get":{"code":"Eue4KlgnV6sLK7PP","state":"c6c056817d49ef9b1e48dbb313e60d49"},"request":{"code":"Eue4KlgnV6sLK7PP","state":"c6c056817d49ef9b1e48dbb313e60d49"}}
I am using auth0/auth0-php@7.9.1 with Laravel and Lock for the SSO. We run a multi-tenant application with many Auth0 applications but they all have the same domain name. What can I do?