Laravel: Invalid state after signup/login with google

I am using login1 folder of github example app, because the one we can download from ‘download sample app’ is frozen at a lower laravel version than we need.

When we try to signup using Google (it’s enabled in app’s settings), we are returned to our callback page with the following 2 params

code=......&state=g6Fo2SBpc..... NkgMW5sQTJ6cWJUYjVLRkc4VEdxQVdseUJVRnJoV2JhVno#

When auth0 package arrives at this point

if (!$this->stateHandler->validate($state)) {
      throw new CoreException('Invalid state');
    }

It fails.

Investigating I reached SessioneStateHandler.php file and it does this

public function validate($state) {
        $valid = $this->store->get(self::STATE_NAME) == $state;
        $this->store->delete(self::STATE_NAME);
        return $valid;
    }

where self::STATE_NAME is webauth_state.

So I am here to ask where to change the expected state_name ?
Or can web change the returned param name from state to webauth_state ?

It’s very sad the official code is broken.

EDIT 1:

Damn, If I manually change callback url parameter from state to webauth_state, all works !

What is happening?

EDIT 2:

I was reading the manual quickstart and i see that

 public function login()
{
    $authorize_params = [
        'scope' => 'openid email email_verified',
        // Use the key below to get an Access Token for your API.
        // 'audience' => config('laravel-auth0.api_identifier'),
    ];
    return \App::make('auth0')->login(null, null, $authorize_params);
}

Actually the code on github uses this code for login

/**
 * Redirect to the Auth0 hosted login page
 *
 * @return mixed
 */
public function login(Request $request)
{
    return \App::make('auth0')->login(null, null, ['scope' => 'openid name email email_verified'], 'code');
}

Can it be this ?!

Help, I’m totally lost

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?