The session token is invalid: State in the token does not match the /continue state


I am using passwordless login with email as a provider along with some social providers. Sometimes, I won’t get the chance to capture the first name and the last name of the user. As such, I am trying to implement a progressive profiling flow. I thought about using Actions because it looks to offer exactly what I need.

However, I am facing an issue related to the session token and I would like some help to figure out what I am missing or doing wrong.

Here are the steps I am currently doing:

  1. Inside onExecutePostLogin, I redirect my user to using api.redirect.sendUserTo. At this point, things are working fine and the user gets redirected correctly with the URL containing the state and session_token.

  2. Once I capture the data I need from my user, I generate a JWT token with the secret: 1234 (temporary)

  3. I then call the /continue method to invoke onContinuePostLogin within my Action. That seems to be working. However, once the action calls api.redirect.validateToken with my dummy secret (1234), I get the following message: The session token is invalid: State in the token does not match the /continue state.

From that point, I am not sure what I am doing wrong. I am guessing it’s in terms of how I generate my token; however, I am not sure exactly. Any pointers would be appreciated.

Thank you.

After a good night of sleep, I realized that I simply did not include state inside my token.

Everything is working now.

Reading this really clarified it for me:

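The fix described in the post above, as an added example that is not part of the original thread and not Auth0's code: the application builds the HS256 token for /continue with the `state` value copied from the redirect URL, and a simplified local check shows the same error when `state` is left out. The helper names, the `sub`, `iss` and `exp` claims, and the sample values are assumptions for illustration.

```javascript
// Added example: local stand-in for the application side of the redirect flow.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign an HS256 JWT by hand so the example has no dependencies.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = b64url(crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest());
  return `${head}.${body}.${sig}`;
}

// Build the token sent back to /continue. `state` is copied from the query
// string of the redirect URL; omitting it produces the error in this thread.
// Use a long random shared secret here, not a placeholder such as "1234".
function buildContinueToken({ state, sub, iss, secret, claims = {}, ttlSeconds = 60 }) {
  const now = Math.floor(Date.now() / 1000);
  return signHs256({ ...claims, sub, iss, iat: now, exp: now + ttlSeconds, state }, secret);
}

// Simplified local check (hypothetical, NOT Auth0's implementation):
// signature, expiry, then the binding between token state and /continue state.
function checkContinueToken(token, secret, continueState) {
  const [head, body, sig] = token.split('.');
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig || '', 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('Signature verification failed');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof payload.exp !== 'number' || payload.exp <= Math.floor(Date.now() / 1000)) {
    throw new Error('Token expired');
  }
  if (payload.state !== continueState) {
    throw new Error('State in the token does not match the /continue state');
  }
  return payload;
}
```

Binding the token to `state` ties the returned data to the one login transaction that issued the redirect, so a token captured from another transaction is rejected even though its signature is valid.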

No worries! We’ve all been there! Thanks for sharing with the rest of the community!
