HI @dawid.matuszczyk , Thank you for your response! I really appreciate it.
I have a couple of follow-up questions:
- In another discussion, it was mentioned that the state is generated by the
webauth.loginmethod link to discussion. I just want to confirm if the state param is already in url, what happen when I call thewebauth.login? Will the state generate again? - In my application, the flow where the user directly navigates to the login page is something we can’t easily change. Given this, I was wondering if there are any workarounds for the “invalid state” issue. For example, does Auth0 provide a method to automatically refresh the state? Or can I just call
loginfunction again if detect “invalid state” issue?
Another reply mentioned this link to discussion
But I am not sure how tostart a new authentication requestin my case.
To be more detailed, here is my current code:
function login(e) {
e.preventDefault();
...
const username = document.getElementById("email").value;
const password = document.getElementById("password").value;
webAuth.login(
{
realm: databaseConnection,
username: username,
password: password,
},
function (err) {
//add the logic of handle invalid state here, but not sure how to do it.
//Can I just call webAuth.login again?
//Or I need to redirect to the auth.myXXX.dev again to get the new state?
if (err) {
label.classList.remove("hidden");
loader.classList.add("hidden");
displayError(err);
}
}
);
}
}
Thanks again for your help!