State provided to /authorize different than state in /login

I do not understand how Auth0 is handling state. If I hit the /authorize endpoint with a state, it redirects to the login page with a different state. So once I authenticate, I of course get a state error, as I am redirected to my app with the state I sent to the /authorize page.

How do I properly handle state when building a request to the /authorize url myself?

Hi @liam2

Thanks for contacting Auth0 Community.

You are correct in that /login will use a different state, but once you authenticate, the original state will be returned to your callback URL. E.g., if I use the authorization code flow as below:

https://your-domain/authorize?&
response_type=code&
client_id=your-client-id&
redirect_uri=https://jwt.io&
scope=openid+email&
state=abc123state

/login uses something like:

state=hKFo2SBEeF84TmtIRk9NZzZLTE...

After authenticating successfully I am returned to my callback url with original state:

Can you share which flow you were using?

Warm regards.
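One way to handle state when building the /authorize request yourself, shown as an added example that is not part of the original thread and is not Auth0's code: the app generates a random state, stores it in its own session, and compares it only against the state on the callback, ignoring whatever state the intermediate /login page carries. The domain, client id, callback URL, dict-based session and function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions), mirroring the request shown in the thread.
DOMAIN = "your-domain"
CLIENT_ID = "your-client-id"
REDIRECT_URI = "https://app.example/callback"


class StateError(Exception):
    """Raised when the callback state is missing or does not match."""


def build_authorize_url(session):
    """Create a fresh random state, remember it, and build the /authorize URL."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "state": state,
    })
    return f"https://{DOMAIN}/authorize?{query}"


def handle_callback(callback_url, session):
    """Check the state on the callback only; return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    expected = session.pop("oauth_state", None)  # single use, even on failure
    # Compare as bytes in constant time; a missing stored state always fails.
    if not expected or not hmac.compare_digest(returned.encode(), expected.encode()):
        raise StateError("state mismatch: discard this response")
    if "code" not in params:
        raise StateError("no authorization code in callback")
    return params["code"][0]


if __name__ == "__main__":
    session = {}  # stand-in for a server-side session store
    url = build_authorize_url(session)
    sent = parse_qs(urlsplit(url).query)["state"][0]
    # Constructed callback: the state sent to /authorize comes back unchanged.
    print(handle_callback(f"{REDIRECT_URI}?code=sample-code&state={sent}", session))
```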