I can reproduce this in the Angular quickstart. Refreshing just after the login, throws the Invalid State issue.
There’s a similar issue mentioned in Auth0-SPA-JS FAQ but it only affects the Firefox browser. The issue reported in this thread can be reproduced on Chrome.
Not sure how to fix that though.