State exception during exchange after successful login

I have looked through the topics on this, but none seem to quite address our issue.

We are trying to integrate Auth0 with our production environment after a successful integration in our dev (QA) environment. In production, we are getting this error after a successful authentication but during exchange it fails:

Auth0\SDK\Exception\StateException : Expected state to be a32c6d0303f21a1bc2c0cd0df70a8f41; client had [NOT SET ON CLIENT] in Auth0\SDK\Auth0->exchange() (line 188 of vendor/auth0/auth0-php/src/Auth0.php )

Looking at devtools in Chrome, there is a distinct difference between prod and dev upon login. In dev, I see we are setting auth0_session_0 and auth0_session_1 cookies for the login but not in production. These cookies are completely missing. The dev and prod code is identical along with the Drupal they are working in. QA works without any issue. It’s the production version that is throwing the exception. Are there settings that could cause this discrepancy?

Hi @chris.howell

Thank you for posting your question on the Auth0 Community!

I am sorry about the delayed response to your inquiry.

Please take a look at this community post which appears to encounter the same State Exception error. The solution mentions that:

You seem to be requesting your /login route from 127.0.0.1, but your app is configured to return to localhost after authentication flow. These are different domains, and the cookie wouldn’t be shared between those. I was able to reproduce the invalid state exception when doing things that way, but that is to be expected, as the cookie shouldn’t be shared cross-domain. Try starting your login from localhost instead of 127.0.0.1 and see if it works.

Let me know if that helped you solve the issue, if you have found one already or if you have any other questions regarding the matter by leaving a reply on the post!

Kind Regards,
Nik
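
The host mismatch described in the reply above can be checked before deploying. The following is an added example, not code from the thread or from the Auth0 SDK: it models browser cookie host matching (RFC 6265) for the URL that starts login and the callback URL. The function names, the `example.com` hosts and the paths are assumptions, and public-suffix rules are not modelled.

```php
<?php
declare(strict_types=1);

/** RFC 6265 domain-match: same host, or a subdomain of $domain (never for IP literals). */
function domainMatches(string $host, string $domain): bool
{
    $domain = strtolower(ltrim($domain, '.'));
    if ($host === $domain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false; // an IP address only matches itself
    }
    return str_ends_with($host, '.' . $domain);
}

/**
 * Reasons why a state cookie set while serving $loginUrl would be missing when
 * the browser requests $callbackUrl. An empty array means the cookie is sent.
 * $cookieDomain is the cookie's Domain attribute, or null for a host-only cookie.
 * Ports are ignored because cookies are not scoped by port.
 */
function stateCookieProblems(string $loginUrl, string $callbackUrl, ?string $cookieDomain = null): array
{
    $loginHost = strtolower((string) parse_url($loginUrl, PHP_URL_HOST));
    $callbackHost = strtolower((string) parse_url($callbackUrl, PHP_URL_HOST));
    if ($cookieDomain === null) {
        return $loginHost === $callbackHost
            ? []
            : ["host-only cookie set on $loginHost is not sent to $callbackHost"];
    }
    $problems = [];
    if (!domainMatches($loginHost, $cookieDomain)) {
        $problems[] = "browser rejects Domain=$cookieDomain when set from $loginHost";
    }
    if (!domainMatches($callbackHost, $cookieDomain)) {
        $problems[] = "Domain=$cookieDomain does not cover $callbackHost";
    }
    return $problems;
}

// Constructed sample cases: [login URL, callback URL, cookie Domain attribute]
$cases = [
    ['http://127.0.0.1:3000/login', 'http://localhost:3000/callback', null],
    ['https://www.example.com/login', 'https://example.com/callback', null],
    ['https://www.example.com/login', 'https://example.com/callback', 'example.com'],
    ['https://www.example.com/login', 'https://example.com/callback', 'qa.example.com'],
];
foreach ($cases as [$login, $callback, $domain]) {
    $problems = stateCookieProblems($login, $callback, $domain);
    echo "$login -> $callback: ", $problems ? implode('; ', $problems) : 'cookie is sent', PHP_EOL;
}
```

Requires PHP 8.0 or later for `str_ends_with`.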