Native Outsystems ODC App - missing state parameter

Native app, organisational invitation - “Missing state parameter in response from identity provider” when attempting to return to the app.

Hiya, hopefully someone has done this before, a head scratcher for you.

We have an Outsystems ODC native application.
We have set up a flow to handle launching the app on a mobile device on click of the invite.
The login URL setting in Auth0 points to an HTML/JavaScript website. The invite link therefore contains this website in its link, and launches it on click.
The website redirects to the applink of the app, launching the app on the mobile device, and opening the invitation page on Auth0 (this works). The app does this by sending the querystring of the invitation to the /authorize endpoint with a few extras like the client_id (as per spec).

The user fills in the password, and on submit, when returning to the app, we hit the error message “Missing state parameter in response from identity provider”. Therefore, after accepting the invitation, the part where the flow logs the user in fails.

Does anyone have any ideas what I’m missing? I have tested the flow using a browser-based app instead of the native app, and this works as designed.

Cheers!

Hi @Kush1,

Thanks for your question.

I have just checked an organization invitation link generated from the Management API’s create invitations to an organization endpoint. I found that it appends the invitational query parameters to the tenant’s default login URI.

If you have been experiencing the “Missing state parameter” error message, have you ensured that the state parameter is in the generated invitation URL?

The state parameter is used to maintain the state between the request and the callback to prevent CSRF attacks. Therefore, the state value must match the same value at the end as it did in the beginning.

Let me know how this goes for you.

Thanks,
Rueben
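
The state round trip described in the reply above, as an added example (not code from this thread, Auth0 or OutSystems): the invitation parameters are forwarded to /authorize together with a fresh state, and the callback is accepted only if it returns that same value. It assumes the app itself issues and checks state; the domain, client ID, redirect URI, ticket values and function names are constructed placeholders.

```javascript
// Added example. Domain, client ID, redirect URI and ticket values are constructed placeholders.
// Web Crypto: global in browsers and recent Node; fall back to node:crypto on older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const CFG = {
  domain: 'tenant.example.com',                    // placeholder tenant domain
  clientId: 'CLIENT_ID_PLACEHOLDER',
  redirectUri: 'https://app.example.com/callback', // placeholder app link
};
const SAMPLE_INVITE =
  'https://login.example.com/?invitation=TICKET_PLACEHOLDER&organization=org_PLACEHOLDER&organization_name=acme';

// 32 random bytes, hex-encoded: unguessable and safe in a query string.
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Forward the invitation parameters to /authorize and add a state the app remembers.
// `store` (a Set) stands in for per-user storage that survives the trip to the login page.
function buildAuthorizeUrl(inviteLink, cfg, store) {
  const invite = new URL(inviteLink).searchParams;
  const invitation = invite.get('invitation');
  const organization = invite.get('organization');
  if (!invitation || !organization) throw new Error('not an invitation link');
  const state = newState();
  store.add(state);
  const url = new URL(`https://${cfg.domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    invitation,
    organization,
    state,
  }).toString();
  return url.toString();
}

// Accept the callback only if it returns a state this app issued, exactly once.
function checkCallback(callbackUrl, store) {
  const state = new URL(callbackUrl).searchParams.get('state');
  if (!state) return 'missing_state';
  if (!store.delete(state)) return 'state_mismatch'; // never issued, or already used
  return 'ok';
}
```

Comparing the query string at each hop (invite link, /authorize request, callback to the app) against this shape shows where the state value is dropped.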
