OpenID Resource Owner Auth - error using tokens with auth0.js 9.7.3

I’m using an api that leverages Auth0’s legacy Authentication API to log a user in like this: https://auth0.com/docs/api/authentication#resource-owner

The api call succeeds, and I pass the access token, ID token, and token type to my front end UI, then set them on window.location.hash so it looks like this:
https://{{mydomainhere}}/controller/action#access_token=valuehere&id_token=valuehere&token_type=Bearer

Then I call Auth0’s javascript library (v9.7.3) webAuth.parseHash(…) passing in the window.location.hash containing the hash in the URL above. It’s at this step that I get an error “invalid_token: ‘state’ does not match”.

Checking the logs in Auth0, I see “Success Exchange (Password for Access Token)” then “Failed Silent Auth (Login required)”. I am not using auth0.js to initiate authorization since I’ve done so via my api, so I’m not sure why auth0.js views this as a silent auth request.

This worked about a year ago, but now I’m revisiting this code and it’s failing. Is what I’m trying to do possible?

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?