State missing when using Okta SSO

amit.leshem · August 7, 2025, 10:41am

I have Auth0 SPA with expressJS application, that uses google as IdP and we are adding support for Okta.
the Google login flow is working fine, but using Okta and following the instructions from Auth0 docs: “Configure Okta SAML app integration” we have issues.

The user has a button in the Okta dashboard that redirects to our login page: https://login.[APP_DOMAIN]/login/callback?connection=[CONNECTION]

If the user is not logged in already, than after the authentication process and it’s redirects are done the user is redirected to:
https://[APP_DOMAIN]/authorize?code=[CODE] without state, response_type, scope and other query params I see when connecting with google, and the user gets the following message:
{"statusCode":400,"message":"state missing from the response"} and indeed there is no state in the url params.

if the user refreshes the page, the app is loaded normally and the user data is fetched as if everything is fine.

if the user was already authenticated before clicking the button in Okta’s dashboard, the follow works fine without error messages.

what is needed to do for the login flow with Okta IdP to work flawlessly, pass the state, and not to end with the “state missing” error message?

thanks,
Amit

gerald.czifra · August 7, 2025, 7:19pm

Hi @amit.leshem

Welcome to the Auth0 Community!

Please allow me some time to look into the issue and I will be back with more information.

Thank you for your patience!
Gerald

gerald.czifra · August 8, 2025, 7:41pm

Hi @amit.leshem

Thank you for your patience!

Based on the behaviour that you mentioned, you are certainly on the right track and I believe there might be two things that need to be tweaked in order to make the flow function correctly:

within your Application, add the connection hint ( see the following documentation : Login and get user info ) so that, when login is triggered, the connection parameter is sent to Auth0 via loginWithRedirect;
within your Okta Admin dashboard, the URL that your Application points to should contain the connection name as a query parameter. As an example, if your App is named " okta-saml", the URL in Okta should look something like this : https://[APP_DOMAIN]/login?connection=okta-saml

Let me know if this helped get the flow functioning correctly!

Best regards,
Gerald

system · August 22, 2025, 7:41pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
OAuth2: State Parameter is Missing in Redirect URL After Login Get Help login-experience , new-universal-login-experience	2	168	March 18, 2025
Checks.state argument is missing error when logging in using Okta on Chrome Get Help login-experience , new-universal-login-experience	0	919	February 10, 2023
Redirecting Application - SSO with Okta Get Help community-topic , other	1	1131	May 30, 2023
How to add default relay state in Auth0 SAML application? Get Help saml , login-experience , protocols	1	1901	October 3, 2023
Create a custom SSO portal for online web apps Get Help login-experience , login-prompt-new-experience	0	687	September 11, 2023

State missing when using Okta SSO

Related topics