Intermittent Invalid State

elamison · September 10, 2021, 6:39pm

auth0-spa-js
1.81
React

We’re using the auth0-spa-js module and for some (3) users after they login they get an Invalid State error. If they then go to the protected page they are authenticated and it works. The specific part that fails is in Auth0Client.ts:

    if (!transaction || !transaction.code_verifier) {
      throw new Error('Invalid state');
    }

Nobody else can reproduce it. One person on a Mac with Chrome, another on Windows and Edge and one on Windows and Chrome. Any ideas? I’m using almost the exact react example.

dan.woda · September 14, 2021, 5:30pm

Hi @elamison,

Welcome back!

Are you using an up-to-date version of auth0-spa-js? There isn’t a version 1.81 at the moment.

Can you provide a link to the example you are using?

An invalid state error can occur when the state param from the original request does not match the state parameter in the response. This can be caused by multiple requests happening simultaneously/back-to-back.

system · December 23, 2021, 4:56pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.