We are using the auth0-spa-js in our Angular 8 project, the authentication procedure follows the start-up guide from Auth0 Quickstart. The login seems to work fine, but we receive an ‘Invalid state’ error from our users, if they for some reason refresh the application, while they are on the application Auth0 callback url. The callback url hold the query params “code” and “state” when the refresh page is initiated.
I’m not really sure if the error is desired and how to handle it or this is an effect of the design of the auth service provided in the Quickstart?
Any help is appreciated - thanks in advance