State token change between /authorize and /login


I try to use Passwordless with Lock and Cordova. But I have a bug with auth0-state :
I log the requests on /authorize and /login and I see the “state” parameter change when the request redirect from /authorize to /login.

This is the request (redact) :

You can see the state parameter : &state=cTaOjEd5oU18Nhikmf0SnfQQAT6P3Vxvz3fZAfQe3vw

This request is redirect to /login :

You can the state parameter : state=giaSpAzawCuttLNvjO0imJR5Tb3m-6YU

The parameter changed.

And in auth0-cordova the request parameter (cTaOjEd5oU18Nhikmf0SnfQQAT6P3Vxvz3fZAfQe3vw) is compare to response parameter (iaSpAzawCuttLNvjO0imJR5Tb3m-6YU)

As you can see, it’s not the same. And an error occured : Response state does not match expected state’

Can you tell me why the state token change from /redirect to /login and how can I fix that?

Thank you.

1 Like

@mrpierrot were you able to solve your issue? if not, could you share the code you are using for authentication?

@kimcodes I investigate a bite.
I used the magic link system with email.
If I use the code system (with email) I can see the /login state is not related to the /authorize state.
If I use the code system, my url callback use the /authorize state token and work fine.

But, I don’t use Auth0 anymore. And It’s solved my problem :smiley: …sorry…