This is more of an answer instead of a question. I just wanted to post here since other threads were closed. Maybe someone can double check me or comment if this does work for them.
Using the auth0-spa-js
SDK i was getting the “invalid state” error, when being redirected back to the app. Initially, I was trying to create an Auth0 “singleton” client, where at the start of the app we create the client, and then just use the client on what ever page. This inconsistency was causing invalid state, so all I needed to do was on the same page where the login is initiated (which is the same page the redirect is handled) just initialize the Auth0 client there, and viola, no “invalid state” error.
Hope this helps!