Invalid Token: `state` does not match when redirecting to /authorize

reuvenk · June 27, 2021, 8:06am

Hi,

I have a webapp (react/node) using auth0.

The auth is started using WebAuth.authorize and validated on return using WebAuth.parseHash. Everything works fine.

My problem is that I need to create another flow in a different app, that will redirect to the login page and let the user log in to the app.

I am redirecting to my-domain.auth0.com/authorize using the params as defined here: Authentication API Explorer The login succeeds, but then it fails inside my app on the WebAuth.parseHash() phase, with the error ‘Invalid Token: state does not match’

As far as I can see, my app is not explicitly setting a state on the authorize call, and neither am I on the /authorize url.

What am I doing wrong and how can I fix this? Thanks!

dan.woda · June 28, 2021, 7:08pm

Hi @reuvenk,

Welcome to the Community!

If you simply want to redirect to the login page from a different app, you could consider using a default login route. Let me know if this doesn’t solve the problem.

reuvenk · June 29, 2021, 12:04pm

Hi,
I have a few apps using the same login, and I need to pass the redirect uri parameter to send to a specific app, so that won’t help me

dan.woda · June 29, 2021, 4:18pm

It sounds like you should be registering multiple apps for this.

Topic		Replies	Views
State provided to /authorize different then state in /login Get Help classic-universal-login-experience , login-experience	1	1053	April 26, 2023
Getting invalid state on redirect Get Help login-experience , new-universal-login-experience	8	7829	July 19, 2023
Invalid_token; `state` does not match Get Help auth0 , auth0js , login , access-token , state	11	13290	December 15, 2022
`state` does not match Get Help auth0	7	11829	December 30, 2019
Log in error: "invalid token", description: "`state` does not match" Get Help log-in-error	6	7613	March 2, 2018

Invalid Token: `state` does not match when redirecting to /authorize

Related topics