We are seeing this error too, specifically for one user. Most other users can log in just fine. In my case the user in question is using a native app (same as all the other users), which uses the Auth0 Cordova module for login against the hosted login page.
Is there anything on a particular user’s device that would cause this error?
The error you mentioned typically occurs when the state parameter is missing and you are using an OIDC-conformant client. Usually this problem occurs when users bookmark the /login URL that /authorize redirects to and attempt to log in directly.
The endpoint that the client application should redirect to is /authorize which is the entry point for redirect-based flows (Authentication API Explorer).
Hi @jerdog - in our case we’re using the Auth0 cordova package, which has its own authorize() method on it. That will do the redirecting to the endpoint it needs. So bookmarking shouldn’t be in play here.
Again, other users are able to log in with the same mobile app. Seems like some other factors can trigger this error on the Auth0 side…
One other note. In the Auth0 logs this user who is triggering this error does get a successful login event. So they get a successful login, but then this error in the logs. In their UI they end up seeing the Oops!, Something went wrong Auth0 page.
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?