
State parameter changing


Hi guys, I’m seeing the “state” change in my request/response loop with your authorize endpoint:

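```python
from base64 import b64encode
from http import HTTPStatus
from urllib.parse import urljoin

from django.shortcuts import redirect
from django.urls import reverse

# Excerpt from inside a Django view. auth0_envs, auth0_get, RECOVERY_CALLBACK
# and session_wrapper are defined elsewhere in the project.
url = f"https://{auth0_envs['AUTH0_DOMAIN']}/authorize"

params = {
    "response_type": "code",
    "client_id": auth0_envs['AUTH0_CLIENT_ID'],
    "connection": auth0_envs['AUTH0_CONNECTION'],
    "redirect_uri": urljoin(request.build_absolute_uri('/'),
                            reverse(RECOVERY_CALLBACK)),
    # "state": b64encode(session_wrapper.session_uuid.encode('utf-8')),
    "state": b64encode(str(123).encode('utf-8'))
}

json_header = {
    'content-type': 'application/json',
    # 'Authorization': f"Bearer {get_auth0_jwt()}"
}

# The server itself requests /authorize through the auth0_get helper,
# then sends the browser to whatever URL that response reports.
response = auth0_get(url=url, params=params, headers=json_header)
if response.status_code == HTTPStatus.OK:
    return redirect(response.url)
```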

and I’m seeing this in the response URL:
https://domain.eu.auth0.com/login?state=G23Rzw1hO9Z7jawImvUKy88cvycmk5uB&client=cmKzqTIOUw3SVhPuGmXzyAm2TPpi01nO&protocol=oauth2&response_type=code&connection=myconnection&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Faccount_recovery%2Fcallback%2F

Note that the state parameter is nothing like the value passed in above.

Please advise…
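
Added example, not part of the original post or Auth0's own code: under RFC 6749 (section 4.1.2) the `state` a client sends is returned on the redirect to `redirect_uri` together with the `code`, so that callback request is where it is compared. The sketch below issues a random single-use `state`, builds the `/authorize` URL for the browser to follow, and verifies the callback. The function names, `STATE_KEY`, the dict standing in for the Django session, and the tenant and client values are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

STATE_KEY = "oauth_state"  # hypothetical session key


class StateMismatch(Exception):
    """The callback's state is missing, duplicated, replayed or different."""


def build_authorize_url(session, domain, client_id, connection, redirect_uri):
    """Store a fresh random state in the session and return the /authorize
    URL that the browser (not the server) should be redirected to."""
    state = secrets.token_urlsafe(32)
    session[STATE_KEY] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "connection": connection,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"https://{domain}/authorize?{urlencode(params)}"


def verify_callback(session, callback_url):
    """Compare the callback's state with the stored one and return the code."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop(STATE_KEY, None)  # single use: a replay finds nothing
    received = query.get("state", [])
    if expected is None or len(received) != 1:
        raise StateMismatch("state missing, duplicated or already used")
    # Constant-time comparison on bytes (str input must be ASCII-only).
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise StateMismatch("state does not match the value issued")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback carries no single authorization code")
    return codes[0]
```

In a Django view the `session` argument would be `request.session`, and `verify_callback` would receive `request.build_absolute_uri()` inside the callback view.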