Localhost redirected you too many times

hi i am implementing authentication with regular web application in php and i have configured the application in the dashboard but its giving me this error localhost redirected you too many times.

ini_set('error_log', 'php_errors.log');
 ini_set('log_errors', 1);
ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_DEPRECATED);
 require 'vendor\autoload.php';
use GuzzleHttp\Client;
use Auth0\SDK\Auth0;
use Auth0\SDK\Configuration\SdkConfiguration;
use Auth0\SDK\Exception\StateException;
use Auth0\SDK\Utility\PKCE;
use Latte\Engine as Template;


require 'vendor/autoload.php';

echo 'Login/n';


$configuration = new SdkConfiguration(
    clientId: 'xxxxx',
    clientSecret: 'xxxxxx',
    cookieSecret: 'xxxx',
    cookieExpires: 36000, // Session will expire in 1 hour
   // audience: $env['API_IDENTIFIER'] !== null && $env['API_IDENTIFIER'] !== '{API_AUDIENCE}' ? [$env['API_IDENTIFIER']] : null,
    redirectUri: 'http://localhost/phptest/'

 $auth0 = new Auth0($configuration);

 $session = $auth0->getCredentials();

if (null === $session || $session->accessTokenExpired()) {
    // Redirect to Auth0 to authenticate the user.
    header('Location: ' . $auth0->login());
if (null !== $auth0->getExchangeParameters()) {


    $state = hash('sha256', bin2hex(random_bytes(32)));
    $nonce = hash('sha256', bin2hex(random_bytes(32)));
    $verifier = PKCE::generateCodeVerifier();
    $challenge = PKCE::generateCodeChallenge($verifier);

    // Store the state, nonce and PKCE verifier in a flash session
    $store = $configuration->getTransientStorage();
    $store->set('state', $state);
    $store->set('nonce', $nonce);
    $store->set('code_verifier', $verifier);


Hi @bhavith.chandra,

Thanks for your question. There’s a lot going on in this sample that will invalidate other portions of itself.

  • You’re invoking echo() before any of the subsequent header() redirects occur, which corrupts the headers and invalidates the state.
  • You’re invoking exchange() but not redirecting afterward, which will invalidate the state.
  • You’re using clear() immediately after the code exchange, which results in an infinite redirect loop.
  • You’re corrupting the transient storage state with everything being called after clear().
1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.