State provided to /authorize different then state in /login

I do not understand how auth0 is handling state. If I hit the /authorize endpoint with a state. It redirects to the login page with a different state. So once I authenticate I of course get a state error as I am redirected to my app with the state I sent to the /authorize page.

How do I properly handle state when building a request to the /authorize url myself?

Hi @liam2

Thanks for contacting Auth0 Community.

You are correct in that /login will use a different state but once you authenticate the original state will be returned to your callback url. e.g If I use the authorization code flow as below:


/login uses something like:


After authenticating successfully I am returned to my callback url with original state:

Can you share which flow you were using?

Warm regards.