This person got the same error:
Though they did not add what code was missing. I have tried adding a state to the session_token as such:
const session_token = api.redirect.encodeToken({
secret: event.secrets.REDIRECT_SECRET,
expiresInSeconds: 60,
payload: {
sub: event.user.user_id,
email: event.user.email,
continue_uri: `https://${AUTH0_DOMAIN}/continue`,
state: "abc123"
},
});
But obviously it is not a valid state, because it was not generated by Auth0 and does not match the /continue state wanted.
I have also tried to exchange the state from abc123 to state: event.transaction?.state but that is also not the correct state to add. The state from the URI is something long like this: hKFo2SBRNklVMFVPM2FkODh4ZUs4bGhwOWVyUEQtSW5nRTl2NKFuqHJlZGlyZWN0o3RpZNkgNnpzSXdMbzNkRGZluy0tdkowbm5nSG5BM2t5aTdSRkujY2lk2SBFNmdEV3ZmUVlIYmpPT3h3RDM5bk1pNlIzSklVcTQwMg whereas the state from the transaction is something short like this: S2NpVk1NU1JlbWFwMWxfY05vbnJIQmphMkNMVAZFcGt4UDNzMHJ5TUxibA==.
I get either the first error that it is a mismatch, or that the configuration is wrong.