State and Code Parameters Stuck in URL react-auth0 - User Getting Logged Out on Page Refresh

gabriela.pantea · October 2, 2024, 3:09pm

Overview

After logging into an application that utilizes react-auth0, state and code parameters are still shown on the callback URL, resulting in the user getting logged out after a page refresh.

Applies To

Applications using react-auth0

Cause

This is caused by the misconfiguration or the lack of the function onRedirectCallback found in the Auth0Provider, which deals with the code and state parameters.

Solution

Implement the onRedirectCallback function.

This function specifically deals with removing the state and code parameters from the URL after being redirected from the authorize page. Without it, the state and code parameters will still be present in the URL, making it an invalid callback URL and getting the user logged out on page reload.

Here’s a code example for it:

const onRedirectCallback = (appState) => {
  history.push(
    appState && appState.returnTo ? appState.returnTo : window.location.pathname
  );
};

Please make sure to pass this when rendering the Auth0Provider

Related References

Auth0 - React

Topic		Replies	Views
State parameter missing from callback Help bug , pkce , callback	3	5173	July 10, 2021
React Redirect to orignal page Help auth0 , react	3	4675	January 20, 2022
handleRedirectCallback failing with "Invalid State" error & empty response Help	1	2219	October 10, 2022
Mysterious code in Auth0 React wrapper Help	5	3627	September 21, 2019
Auth0 React SPA onRedirectCallback redirection solution Help	2	9759	May 14, 2020