Hi,
I try to use Passwordless with Lock and Cordova. But I have a bug with auth0-state :
I log the requests on /authorize and /login and I see the “state” parameter change when the request redirect from /authorize to /login.
This is the request (redact) :
https://XXXXXXXXXX.eu.auth0.com/authorize?client_id=XXXXXXXXXX&scope=openid%20profile&audience=https%3A%2F%2FXXXXXXXXXX.eu.auth0.com%2Fuserinfo&state=cTaOjEd5oU18Nhikmf0SnfQQAT6P3Vxvz3fZAfQe3vw&code_challenge_method=S256&response_type=code&redirect_uri=com.XXXXXXXXXX.mobileapp%3A%2F%2FXXXXXXXXXX.eu.auth0.com%2Fcordova%2Fcom.XXXXXXXXXX.mobileapp%2Fcallback&code_challenge=rDAuZtpGMby22GGgavGhNb-MG5ihBn2EvfVk7asLCtk&auth0Client=eyJ2ZXJzaW9uIjoiMC4zLjAiLCJuYW1lIjoiYXV0aDAtY29yZG92YSIsImxpYl92ZXJzaW9uIjoiOS42LjEifQ%3D%3D
You can see the state parameter : &state=cTaOjEd5oU18Nhikmf0SnfQQAT6P3Vxvz3fZAfQe3vw
This request is redirect to /login :
https://XXXXXXXXXX.eu.auth0.com/login?state=giaSpAzawCuttLNvjO0imJR5Tb3m-6YU&client=XXXXXXXXXX&protocol=oauth2&scope=openid%20profile&audience=https%3A%2F%2FXXXXXXXXXX.eu.auth0.com%2Fuserinfo&code_challenge_method=S256&response_type=code&redirect_uri=com.XXXXXXXXXX.mobileapp%3A%2F%2FXXXXXXXXXX.eu.auth0.com%2Fcordova%2Fcom.XXXXXXXXXX.mobileapp%2Fcallback&code_challenge=rDAuZtpGMby22GGgavGhNb-MG5ihBn2EvfVk7asLCtk&auth0Client=eyJ2ZXJzaW9uIjoiMC4zLjAiLCJuYW1lIjoiYXV0aDAtY29yZG92YSIsImxpYl92ZXJzaW9uIjoiOS42LjEifQ%3D%3D
You can the state parameter : state=giaSpAzawCuttLNvjO0imJR5Tb3m-6YU
The parameter changed.
And in auth0-cordova the request parameter (cTaOjEd5oU18Nhikmf0SnfQQAT6P3Vxvz3fZAfQe3vw) is compare to response parameter (iaSpAzawCuttLNvjO0imJR5Tb3m-6YU)
As you can see, it’s not the same. And an error occured : Response state does not match expected state’
Can you tell me why the state token change from /redirect to /login and how can I fix that?
Thank you.