Invalid State Error after Upgrading from Auth0 PHP SDK v7 to v8

Hi @yrmallu

I removed composer.lock and vendor and installed composer freshly but still getting the same error.
The error is coming on $auth0->exchange()

The error still being the one you posted above about the GuzzleHttp issue, correct?

That makes sense since exchange() opens and establishes a network connection, but we don’t include any hard dependencies, so Guzzle isn’t coming from our end. The SDK will use whatever is available within your project.

Can you share the contents of your composer.json here? Maybe we can spot something amiss there.

Hi @evansims,

Here the composer.json file

{
    "config": {
        "allow-plugins": {
            "php-http/discovery": true
        }
    },
    "require": {
        "auth0/auth0-php": "^8.11",
        "nyholm/psr7": "^1.8"
    }
}

Ah, I guess it must be php-http/discovery causing it to be installed. I’ve never seen it cause issues quite like that, but I don’t recommend using it, anyway.

Go ahead and set php-http/discovery to false in your composer.json. Then repeat deleting your composer.lock file and vendor subdirectory, and then try re-running composer install. That should take care of that Guzzle error, at least.

Next, the SDK requires PSR-7, PSR-17, and PSR-18 dependencies for creating, sending, and handling network requests.

Right now, you have nyholm/psr7 imported, which is a great library and takes care of the PSR-7 and PSR-17 requirements. In addition, you’ll also require a dependency that handles PSR-18. There are plenty of options out there but I’m fond of kriswallsmith/buzz just because it’s so lightweight. You can add it to your project by running composer require kriswallsmith/buzz.

That should (fingers crossed) resolve those networking woes.

@evansims. Thanks for the response.

Still same issue

You’re still getting a GuzzleHTTP error, specifically?

@evansims
If I use Buzz

TypeError: Auth0\SDK\Configuration\SdkConfiguration::__construct(): Argument #20 ($httpClient) must be of type ?Psr\Http\Client\ClientInterface, Buzz\Client\MultiCurl given, called in /var/www/html/whmcs/modules/addons/auth0/auth0.php on line 116 and defined in /var/www/html/whmcs/modules/addons/auth0/vendor/auth0/auth0-php/src/Configuration/SdkConfiguration.php:116
Stack trace:

other wise

Whoops\Exception\ErrorException: Declaration of GuzzleHttp\Psr7\Request::getRequestTarget() must be compatible with Psr\Http\Message\RequestInterface::getRequestTarget(): string in /var/www/html/whmcs/vendor/guzzlehttp/psr7/src/Request.php:58
Stack trace:
#0 /var/www/html/whmcs/vendor/whmcs/whmcs-foundation/lib/Utility/Error/Run.php(0): WHMCS\Utility\Error\Run->handleError()
#1 [internal function]: WHMCS\Utility\Error\Run->handleShutdown()
#2 {main}

@yrmallu OK, I’m honestly quite baffled here.

If I use Buzz

Internally, our SDK uses psr-discovery/http-client-implementations to discover available PSR-18 dependencies in your project without requiring you to configure anything. They’re used just by merit of existing in your project. So, in the case of kriswallsmith/buzz, it expressly imports Buzz/Client/FileGetContents, not Buzz/Client/MultiCurl. I don’t know how, where, or why MultiCurl would be getting imported at all.

other wise

I’m not sure I follow. Do you mean you get that exception even with php-http/discovery set to false if kriswallsmith/buzz is not installed?

In your vendor subdirectory, is there guzzle or guzzlehttp directory in there?

I have not heard of WHMCS before, but it’s beginning to sound like they’re somehow injecting their own dependencies into the environment beyond your control, and they’re conflicting. It’s the only thing I can think of that would cause this sort of thing.

I disabled php-http/discovery

Please keep me up to date on any alterations you’re making so we can troubleshoot this successfully. My only awareness of your application’s state is in the context of what you’ve shared with me here, so when you make changes we haven’t discussed, I’m flying blind.

Can you share what your Auth0 SDK initialization/configuration looks like right now? You mentioned manually importing MultiCurl — we don’t want to be doing that here. Let’s get a clean look at your configuration.

@evansims Thanks a lot for your support.

It seems I fixed the issue but not sure if any issues will occur in future.

When upgrading from Auth0 PHP SDK v7 to v8, encountering an “Invalid State Error” typically indicates issues with session handling or state parameter verification. Ensure session storage is properly configured and state parameter handling aligns with the new SDK’s requirements to resolve this error.