Invalid Token, State does not match- Auth-0 Error

puishan · July 28, 2019, 3:00pm

I am getting an error in Auth-0 authentication. when login clicked then, it throws error “Invalid toekn” state does not match. Then it redirect back to login page. There is no change made and it is still working fine in staging.

It was working fine few days back. I am running this on local using docker ro run the web (React-JS) and API in PHP. Auth-0 credentials are correct and we never made any changes since beginning.
This is my code.

   handleAuthentication(success) {
     this.auth0.parseHash((err, authResult) => {
     if (authResult && authResult.accessToken && authResult.idToken) 
     {
        this.setSession(authResult);
        success(authResult.idTokenPayload);

      } else if (err) {
        console.error(err);
        this.auth0.authorize();
     }
     });

Here is the error.
TypeError: IdTokenVerifier is not a constructor
and It returns:
Invalid Token, State does not match
Browsers i have tested:
Chrome(Normal and in-cognitive), FireFox

dan.woda · July 29, 2019, 11:47pm

Hi @puishan,

Welcome back!

It looks like this error is in regards to a line where you try and use new IdTokenVerifier.

Can you post the code associated with this line?

That would likely explain the invalid token.

Thanks,
Dan

puishan · July 30, 2019, 12:57pm

Hi @dan.woda
the code is given below.

 WebAuth.prototype.validateToken = function(token, nonce, cb) {
  var verifier = new IdTokenVerifier({
    issuer: this.baseOptions.token_issuer,
    audience: this.baseOptions.clientID,
    leeway: this.baseOptions.leeway || 0,
    __disableExpirationCheck: this.baseOptions.__disableExpirationCheck
  });

  verifier.verify(token, nonce, function(err, payload) {
    if (err) {
      return cb(error.invalidJwt(err.message));
    }

    cb(null, payload);
  });
};

It throws the error when parseHash function is called. One things i noticed. parseHash is called twice somehow.
I checked logs in Auth0 , its says, i have logged in successfully.
still not able to resolve it. This IdTokenVerifier code is written in auth0.js.
Your help is appreciated. Thanks

dan.woda · July 31, 2019, 4:39pm

It looks like this package is separate from auth0.js.

Have you required it?

puishan · July 31, 2019, 4:44pm

Hi sir, but auth-0 has dependency on idToekn-verifier.
have a look here.

 "auth0-js": {
  "version": "8.12.0",
  "resolved": "https://registry.npmjs.org/auth0-js/-/auth0-js-8.12.0.tgz",
  "integrity": "sha1-gnJvXJCYLW/06b67p4TZTUuf9BU=",
  "requires": {
    "base64-js": "^1.2.0",
    "idtoken-verifier": "^1.1.0",
    "qs": "^6.4.0",
    "superagent": "^3.3.1",
    "url-join": "^1.1.0",
    "winchan": "^0.2.0"
  }

It’s not installed separately. Thanks

dan.woda · July 31, 2019, 5:03pm

You are using a deprecated version of Auth0.js. I wonder if this is causing the problem?

https://auth0.com/docs/libraries/auth0js/v9/migration-guide

puishan · July 31, 2019, 5:25pm

i will update the Auth0.js package and let’s see , if this could solve the problem. Thanks

dan.woda · July 31, 2019, 5:25pm

If that doesn’t do it we can go from there. Thanks!

puishan · August 12, 2019, 7:47am

I tried to migrate to V9. but still getting the same error.

really not sure, what’s causing the issue . i feel its protocol issue like HTTP or HTTPS.
This code is working perfectly fine on HTTPS.
Here is the console snap.

dan.woda · August 16, 2019, 5:57pm

Hi @puishan,

What version of auth0.js are you using? I have found a case where a user is experiencing a similar problem with auth0.js 9.5.x and it was solved by upgrading to 9.10.4.

Thanks,
Dan

dan.woda · August 30, 2019, 9:57pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.