Invalid Token, State does not match- Auth-0 Error

I am getting an error in Auth-0 authentication. when login clicked then, it throws error “Invalid toekn” state does not match. Then it redirect back to login page. There is no change made and it is still working fine in staging.

It was working fine few days back. I am running this on local using docker ro run the web (React-JS) and API in PHP. Auth-0 credentials are correct and we never made any changes since beginning.
This is my code.

   handleAuthentication(success) {
     this.auth0.parseHash((err, authResult) => {
     if (authResult && authResult.accessToken && authResult.idToken) 

      } else if (err) {

Here is the error.
TypeError: IdTokenVerifier is not a constructor
and It returns:
Invalid Token, State does not match
Browsers i have tested:
Chrome(Normal and in-cognitive), FireFox

Hi @puishan,

Welcome back!

It looks like this error is in regards to a line where you try and use new IdTokenVerifier.

Can you post the code associated with this line?

That would likely explain the invalid token.


Hi @dan.woda
the code is given below.

 WebAuth.prototype.validateToken = function(token, nonce, cb) {
  var verifier = new IdTokenVerifier({
    issuer: this.baseOptions.token_issuer,
    audience: this.baseOptions.clientID,
    leeway: this.baseOptions.leeway || 0,
    __disableExpirationCheck: this.baseOptions.__disableExpirationCheck

  verifier.verify(token, nonce, function(err, payload) {
    if (err) {
      return cb(error.invalidJwt(err.message));

    cb(null, payload);

It throws the error when parseHash function is called. One things i noticed. parseHash is called twice somehow.
I checked logs in Auth0 , its says, i have logged in successfully.
still not able to resolve it. This IdTokenVerifier code is written in auth0.js.
Your help is appreciated. Thanks

It looks like this package is separate from auth0.js.

Have you required it?

Hi sir, but auth-0 has dependency on idToekn-verifier.
have a look here.

 "auth0-js": {
  "version": "8.12.0",
  "resolved": "",
  "integrity": "sha1-gnJvXJCYLW/06b67p4TZTUuf9BU=",
  "requires": {
    "base64-js": "^1.2.0",
    "idtoken-verifier": "^1.1.0",
    "qs": "^6.4.0",
    "superagent": "^3.3.1",
    "url-join": "^1.1.0",
    "winchan": "^0.2.0"

It’s not installed separately. Thanks

You are using a deprecated version of Auth0.js. I wonder if this is causing the problem?

i will update the Auth0.js package and let’s see , if this could solve the problem. Thanks

1 Like

If that doesn’t do it we can go from there. Thanks!

I tried to migrate to V9. but still getting the same error.

really not sure, what’s causing the issue . i feel its protocol issue like HTTP or HTTPS.
This code is working perfectly fine on HTTPS.
Here is the console snap.

Hi @puishan,

What version of auth0.js are you using? I have found a case where a user is experiencing a similar problem with auth0.js 9.5.x and it was solved by upgrading to 9.10.4.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.