Invalid Token: `state` does not match when redirecting to /authorize

reuvenk · June 27, 2021, 8:06am

Hi,

I have a webapp (react/node) using auth0.

The auth is started using WebAuth.authorize and validated on return using WebAuth.parseHash. Everything works fine.

My problem is that I need to create another flow in a different app, that will redirect to the login page and let the user log in to the app.

I am redirecting to my-domain.auth0.com/authorize using the params as defined here: Authentication API Explorer The login succeeds, but then it fails inside my app on the WebAuth.parseHash() phase, with the error ‘Invalid Token: state does not match’

As far as I can see, my app is not explicitly setting a state on the authorize call, and neither am I on the /authorize url.

What am I doing wrong and how can I fix this? Thanks!

dan.woda · June 28, 2021, 7:08pm

Hi @reuvenk,

Welcome to the Community!

If you simply want to redirect to the login page from a different app, you could consider using a default login route. Let me know if this doesn’t solve the problem.

reuvenk · June 29, 2021, 12:04pm

Hi,
I have a few apps using the same login, and I need to pass the redirect uri parameter to send to a specific app, so that won’t help me

dan.woda · June 29, 2021, 4:18pm

It sounds like you should be registering multiple apps for this.

system · August 23, 2021, 4:19pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.