Native app, organisational invitation - “Missing state parameter in response from identity provider” when attempting to return to the app.
Hiya, hopefully someone has done this before, a head scratcher for you.
We have an OutSystems ODC native application.
We have set up a flow to handle launching the app on a mobile device on click of the invite.
The login URL setting in Auth0 points to an HTML/JavaScript website. The invite link therefore contains this website in its link, and launches it on click.
The website redirects to the applink of the app, launching the app on the mobile device, and opening the invitation page on Auth0 (this works). The app does this by sending the querystring of the invitation to the /authorize endpoint with a few extras like the client_id (as per spec).
The user fills in the password, and on submit, when returning to the app, we hit the error message “Missing state parameter in response from identity provider”. Therefore, after accepting the invitation, the part where the flow logs the user in fails.
Does anyone have any ideas what I’m missing? I have tested the flow using a browser-based app instead of the native app, and this works as designed.
Cheers!
EDIT / Solution →
You need to generate your own state parameter (using a library like uuid or other) in your redirector (redirects from http(s) to applink), and then append the state parameter to the invite link called from the app. The app can pull parameters like invitation from the querystring passed in.
In essence, update the login URI in Auth0 to a hosted redirection page at http(s)://…
On receiving the email, click to open the redirection page. Pass the QueryString params plus the generated state value (appended to the QueryString) to your applink. The app generates the Auth0 invitation URL and calls it. Auth0 takes over and the user can fulfil the invitation. On callback, back in the app, ensure the state parameter is the same as the one passed.
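
The state round trip described in the solution above, as an added JavaScript example that is not part of the original post and not Auth0's own code: the redirector appends a generated state, the app forwards it to /authorize, and the callback is rejected unless the same value comes back. The tenant domain, client ID, app link and callback URL are constructed placeholders, and the function names are hypothetical.

```javascript
// Constructed placeholders (assumptions, not values from the post).
const TENANT = "https://example-tenant.auth0.com";
const CLIENT_ID = "EXAMPLE_CLIENT_ID";
const APP_LINK = "https://app.example.com/invite";
const REDIRECT_URI = "https://app.example.com/callback";

// Web Crypto is global in browsers and recent Node; older Node exposes it via require.
const webCrypto = globalThis.crypto ||
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Step 1 (redirector page): copy the invite query string and append a fresh state.
function buildAppLink(inviteUrl) {
  const target = new URL(APP_LINK);
  new URL(inviteUrl).searchParams.forEach((v, k) => target.searchParams.set(k, v));
  target.searchParams.set("state", webCrypto.randomUUID());
  return target.toString();
}

// Step 2 (app): build the /authorize call from the app link it was opened with.
// Returns the URL plus the state the app must remember until the callback.
function buildAuthorizeUrl(appLinkUrl) {
  const incoming = new URL(appLinkUrl).searchParams;
  const state = incoming.get("state");
  if (!state || !incoming.get("invitation")) {
    throw new Error("invitation or state missing from app link");
  }
  const authorize = new URL("/authorize", TENANT);
  incoming.forEach((v, k) => authorize.searchParams.set(k, v));
  authorize.searchParams.set("client_id", CLIENT_ID);
  authorize.searchParams.set("response_type", "code");
  authorize.searchParams.set("redirect_uri", REDIRECT_URI);
  return { url: authorize.toString(), expectedState: state };
}

// Step 3 (app, on callback): reject a missing or different state before using the code.
function verifyCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const returned = params.get("state");
  if (!returned) throw new Error("Missing state parameter in callback");
  if (returned !== expectedState) throw new Error("State mismatch, callback rejected");
  return params.get("code");
}
```

The app should hold `expectedState` only for the duration of one login attempt and discard it after `verifyCallback` runs, so a replayed callback cannot match it.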