I’m trying to pass data back to Auth0 when user redirected to external site. I’m trying to follow this guide Redirect with Actions but it doesn’t work for me, it returns me an error The session token is invalid: State in the token does not match the /continue state.
I found this answer The session token is invalid: State in the token does not match the /continue state where suggestion was put state inside the session JWT, but I don’t know where to get state value inside the onExecutePostLogin function. I tried to use event.transaction.state but it deviates with the state value passed as query parameter. As a result I’m still getting the same error.
Here is my steps.
- Click login
- Run onExecutePostLogin
- Encode token
const sessionToken = api.redirect.encodeToken({
payload: {},
secret: event.secrets.SESSION_TOKEN_SECRET,
expiresInSeconds: 120,
})
- Make redirect
api.redirect.sendUserTo(`${event.secrets.WEB_URL}/auth/linking`, {
query: {
session_token: sessionToken,
},
})
-
External site redirects user to <auth0_domain>/continue?session_token=<session_token_generated_in_on_execute_post_login>&state=<state_passed_as_query_parameter_by_send_user_to_function>
-
Run
onContinuePostLogin -
Validate token
const payload = api.redirect.validateToken({
secret: event.secrets.SESSION_TOKEN_SECRET,
tokenParameterName: 'session_token',
})
And here I got the error about state mismatch. My question is where to get actual state value in onExecutePostLogin to put it inside the session JWT? Or what another way to pass data safely from onExecutePostLogin to onContinuePostLogin? Thanks!