State missing when using Okta SSO

amit.leshem · August 7, 2025, 10:41am

I have Auth0 SPA with expressJS application, that uses google as IdP and we are adding support for Okta.
the Google login flow is working fine, but using Okta and following the instructions from Auth0 docs: “Configure Okta SAML app integration” we have issues.

The user has a button in the Okta dashboard that redirects to our login page: https://login.[APP_DOMAIN]/login/callback?connection=[CONNECTION]

If the user is not logged in already, than after the authentication process and it’s redirects are done the user is redirected to:
https://[APP_DOMAIN]/authorize?code=[CODE] without state, response_type, scope and other query params I see when connecting with google, and the user gets the following message:
{"statusCode":400,"message":"state missing from the response"} and indeed there is no state in the url params.

if the user refreshes the page, the app is loaded normally and the user data is fetched as if everything is fine.

if the user was already authenticated before clicking the button in Okta’s dashboard, the follow works fine without error messages.

what is needed to do for the login flow with Okta IdP to work flawlessly, pass the state, and not to end with the “state missing” error message?

thanks,
Amit

gerald.czifra · August 7, 2025, 7:19pm

Hi @amit.leshem

Welcome to the Auth0 Community!

Please allow me some time to look into the issue and I will be back with more information.

Thank you for your patience!
Gerald

gerald.czifra · August 8, 2025, 7:41pm

Hi @amit.leshem

Thank you for your patience!

Based on the behaviour that you mentioned, you are certainly on the right track and I believe there might be two things that need to be tweaked in order to make the flow function correctly:

within your Application, add the connection hint ( see the following documentation : Login and get user info ) so that, when login is triggered, the connection parameter is sent to Auth0 via loginWithRedirect;
within your Okta Admin dashboard, the URL that your Application points to should contain the connection name as a query parameter. As an example, if your App is named " okta-saml", the URL in Okta should look something like this : https://[APP_DOMAIN]/login?connection=okta-saml

Let me know if this helped get the flow functioning correctly!

Best regards,
Gerald

Topic		Replies	Views
Okta redirection to dashboard page Get Help passwordless , auth0-lock , okta	1	4011	November 14, 2019
Redirecting Application - SSO with Okta Get Help community-topic , other	1	1129	May 30, 2023
Cannot authenticate after IDP initiate login Get Help auth0 , spa , okta , reactjs , idp-initiated	4	3146	December 16, 2021
Okta as IdP Auth0 as SP redirect uri ignored Get Help connections , saml-enterprise-connection	3	146	December 9, 2024
OKTA iDp, Auth0 SP, Cant redirect back to application? Get Help connections , saml-enterprise-connection	1	1060	July 25, 2023

State missing when using Okta SSO

Related topics