Invalid Token: `state` does not match when redirecting to /authorize


I have a webapp (react/node) using auth0.

The auth is started using WebAuth.authorize and validated on return using WebAuth.parseHash. Everything works fine.

My problem is that I need to create another flow in a different app, that will redirect to the login page and let the user log in to the app.

I am redirecting to using the params as defined here: Authentication API Explorer The login succeeds, but then it fails inside my app on the WebAuth.parseHash() phase, with the error ‘Invalid Token: state does not match’

As far as I can see, my app is not explicitly setting a state on the authorize call, and neither am I on the /authorize url.

What am I doing wrong and how can I fix this? Thanks!

Hi @reuvenk,

Welcome to the Community!

If you simply want to redirect to the login page from a different app, you could consider using a default login route. Let me know if this doesn’t solve the problem.

I have a few apps using the same login, and I need to pass the redirect uri parameter to send to a specific app, so that won’t help me

It sounds like you should be registering multiple apps for this.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.