Hi guys, I’m seeing the “state” change in my request/response loop with your authorize endpoint:
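```python
# Fragment from inside a Django view; auth0_envs, auth0_get,
# RECOVERY_CALLBACK and session_wrapper are defined elsewhere.
from base64 import b64encode
from http import HTTPStatus
from urllib.parse import urljoin

from django.shortcuts import redirect
from django.urls import reverse

url = f"https://{auth0_envs['AUTH0_DOMAIN']}/authorize"
params = {
    "response_type": "code",
    "client_id": auth0_envs['AUTH0_CLIENT_ID'],
    "connection": auth0_envs['AUTH0_CONNECTION'],
    "redirect_uri": urljoin(request.build_absolute_uri('/'),
                            reverse(RECOVERY_CALLBACK)),
    # "state": b64encode(session_wrapper.session_uuid.encode('utf-8')),
    "state": b64encode(str(123).encode('utf-8'))
}
json_header = {
    'content-type': 'application/json',
    # 'Authorization': f"Bearer {get_auth0_jwt()}"
}
# Server-side GET to /authorize; the final URL after redirects is sent to the browser.
response = auth0_get(url=url, params=params, headers=json_header)
if response.status_code == HTTPStatus.OK:
    return redirect(response.url)
```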
And I’m seeing this in the response URL:
https://domain.eu.auth0.com/login?state=G23Rzw1hO9Z7jawImvUKy88cvycmk5uB&client=cmKzqTIOUw3SVhPuGmXzyAm2TPpi01nO&protocol=oauth2&response_type=code&connection=myconnection&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Faccount_recovery%2Fcallback%2F
Note that the state parameter is nothing like the value passed in above.
Please advise…
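An added example, not part of the original post or Auth0's own code: in the OAuth 2.0 authorization code flow the client's `state` is returned on the request to `redirect_uri`, so that is where it is compared, not on intermediate login-page URLs. The sketch below generates an unguessable `state`, binds it to the user's session, and verifies it on the callback; the domain, client ID, the `oauth_state` session key and both function names are constructed placeholders, and `session` stands in for the framework's session object.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values (assumptions, not taken from the post).
AUTH_DOMAIN = "tenant.example.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "http://127.0.0.1:8000/account_recovery/callback/"


def build_authorize_url(session: dict) -> str:
    """Create a fresh state, bind it to the session, and return the
    /authorize URL the user's browser is redirected to."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"https://{AUTH_DOMAIN}/authorize?{urlencode(params)}"


def verify_callback(session: dict, callback_url: str) -> str:
    """Validate state on the redirect_uri request and return the code.

    Raises ValueError on a missing, mismatched or replayed state."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # pop: state is single use
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        raise ValueError("missing state")
    # Constant-time comparison of the stored and returned values.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code")
    if not codes:
        raise ValueError("missing authorization code")
    return codes[0]
```
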