I’m trying to pass data back to Auth0 when the user is redirected to an external site. I’m trying to follow the guide "Redirect with Actions", but it doesn’t work for me; it returns the error "The session token is invalid: State in the token does not match the /continue state".

I found this answer, "The session token is invalid: State in the token does not match the /continue state", where the suggestion was to put state inside the session JWT, but I don’t know where to get the state value inside the onExecutePostLogin function. I tried to use event.transaction.state, but it differs from the state value passed as a query parameter. As a result I’m still getting the same error.

Here are my steps.
- Click login
- Run onExecutePostLogin
- Encode token

    const sessionToken = api.redirect.encodeToken({
      payload: {},
      secret: event.secrets.SESSION_TOKEN_SECRET,
      expiresInSeconds: 120,
    })

- Make redirect

    api.redirect.sendUserTo(`${event.secrets.WEB_URL}/auth/linking`, {
      query: {
        session_token: sessionToken,
      },
    })

- External site redirects user to <auth0_domain>/continue?session_token=<session_token_generated_in_on_execute_post_login>&state=<state_passed_as_query_parameter_by_send_user_to_function>
- Run onContinuePostLogin
- Validate token

    const payload = api.redirect.validateToken({
      secret: event.secrets.SESSION_TOKEN_SECRET,
      tokenParameterName: 'session_token',
    })
And here I got the error about the state mismatch. My question is: where do I get the actual state value in onExecutePostLogin to put it inside the session JWT? Or what is another way to pass data safely from onExecutePostLogin to onContinuePostLogin? Thanks!
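The return leg of the flow described above, as an added example that is not part of the original post and is not Auth0's code: the external site copies the `state` query parameter it received into a freshly signed HS256 token before redirecting to `/continue`, and a local stand-in check shows when the mismatch occurs. Assumptions: the `/continue` validation compares a `state` claim in the token with the `state` query parameter (inferred from the error text), the external site holds the same shared secret, and `signHs256`, `buildContinueUrl`, `checkContinue`, `tenant.example` and all sample values are hypothetical.

```javascript
// Added illustration: HS256 JWT handling with Node's built-in crypto only.
const crypto = require("crypto");

const b64url = (x) => Buffer.from(x).toString("base64url");

// Sign an HS256 JWT over the given claims.
function signHs256(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// External site: `incoming` holds the query parameters it received on the
// redirect. The received state is bound into the new token as a claim.
function buildContinueUrl(domain, incoming, extraClaims, secret) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { ...extraClaims, state: incoming.state, iat: now, exp: now + 60 };
  const token = signHs256(claims, secret);
  const q = new URLSearchParams({ state: incoming.state, session_token: token });
  return `https://${domain}/continue?${q}`;
}

// Local stand-in for the /continue check (assumed behaviour, see lead-in):
// signature, expiry, then state claim against the state query parameter.
function checkContinue(url, secret) {
  const q = new URL(url).searchParams;
  const [head, body, sig] = (q.get("session_token") || "").split(".");
  if (!head || !body || !sig) throw new Error("malformed token");
  const expected = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.exp <= Math.floor(Date.now() / 1000)) throw new Error("expired");
  if (claims.state !== q.get("state")) throw new Error("state mismatch");
  return claims;
}

// Constructed values for a stand-alone run.
const sampleUrl = buildContinueUrl(
  "tenant.example", { state: "constructed-state" }, { sub: "user|1" }, "constructed-secret");
console.log(checkContinue(sampleUrl, "constructed-secret").state);
```

Binding the token to the transaction's `state` is what stops a captured token from being replayed against a different login transaction, which is why a token without that claim fails the check.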