State parameter changing

ammar1 · October 16, 2018, 3:51pm

Hi guys, I’m seeing the “state” change in my request / response loop with your authorize end point

url = f"https://{auth0_envs['AUTH0_DOMAIN']}/authorize"

params = {
 "response_type": "code",
 "client_id": auth0_envs['AUTH0_CLIENT_ID'],
 "connection": auth0_envs['AUTH0_CONNECTION'],
 "redirect_uri": urljoin(request.build_absolute_uri('/'),
 reverse(RECOVERY_CALLBACK)),
 # "state": b64encode(session_wrapper.session_uuid.encode('utf-8')),
 "state": b64encode(str(123).encode('utf-8'))
}

json_header = {
 'content-type': 'application/json',
 # 'Authorization': f"Bearer {get_auth0_jwt()}"
}

response = auth0_get(url=url, params=params, headers=json_header)
if response.status_code == HTTPStatus.OK:
 return redirect(response.url)

and seeing this in the response url.
https://domain.eu.auth0.com/login?state=G23Rzw1hO9Z7jawImvUKy88cvycmk5uB&client=cmKzqTIOUw3SVhPuGmXzyAm2TPpi01nO&protocol=oauth2&response_type=code&connection=myconnection&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Faccount_recovery%2Fcallback%2F

Note that the state parameter is nothing like the value passed in above.

please advise…

konrad.sopala · August 22, 2019, 7:48am

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?