I am using passwordless login with email as a provider along with some social providers. Sometimes, I won’t get the chance to capture the first name and the last name of the user. As such, I am trying to implement a progressive profiling flow. I thought about using Actions because it looks to offer exactly what I need.

However, I am facing an issue related to the session token, and I would like some help to figure out what I am missing or doing wrong.

Here are the steps I am currently doing:

  1. Inside onExecutePostLogin, I redirect my user to using api.redirect.sendUserTo. At this point, things are working fine and the user gets redirected correctly with the URL containing the state and session_token.

  2. Once I capture the data I need from my user, I generate a JWT token with the secret: 1234 (temporary)

  3. I then call the /continue method to invoke onContinuePostLogin within my Action. That seems to be working. However, once the action calls api.redirect.validateToken with my dummy secret (1234), I get the following message: The session token is invalid: State in the token does not match the /continue state.

From that point, I am not sure what I am doing wrong. I am guessing it’s in terms of how I generate my token; however, I am not sure exactly. Any pointers would be appreciated.

Thank you.

After a good night of sleep, I realized that I simply did not include state inside my token.

Everything is working now.

Reading this really clarified it for me:

No worries! We’ve all been there! Thanks for sharing with the rest of the community!
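
The fix described in this thread, as an added example that is not part of the original posts and is not Auth0's code: the page that collects the profile data copies the `state` query parameter from the redirect URL into the JWT it signs before calling /continue. The helper names, claim values, and sample secret are constructed for illustration, and `checkContinueToken` is a local stand-in that mirrors the signature, expiry, and state checks so the failure can be reproduced offline.

```javascript
// Added example: helper names and sample values are constructed for illustration.
const crypto = require("crypto");

const SAMPLE_SECRET = "constructed-shared-secret-not-for-production";
const SAMPLE_STATE = "constructed-state-from-redirect-url";

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Sign an HS256 JWT using only Node's built-in crypto module.
function signHs256(payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${hmac(input, secret).toString("base64url")}`;
}

// Token sent back to /continue. `state` must be the value received in the redirect URL.
function buildContinueToken({ state, sub, iss, secret, extra = {} }) {
  const now = Math.floor(Date.now() / 1000);
  return signHs256({ ...extra, sub, iss, iat: now, exp: now + 60, state }, secret);
}

// Local stand-in for the server-side checks (assumption: not Auth0's implementation).
function checkContinueToken(token, secret, continueState) {
  const [head, body, sig] = token.split(".");
  if (!head || !body || !sig) return { ok: false, reason: "malformed token" };
  const given = Buffer.from(sig, "base64url");
  const expected = hmac(`${head}.${body}`, secret);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch (e) {
    return { ok: false, reason: "malformed token" };
  }
  if (header.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  if (typeof claims.exp !== "number" || claims.exp <= Math.floor(Date.now() / 1000))
    return { ok: false, reason: "expired" };
  // The check that failed in this thread: the token carried no `state` claim.
  if (claims.state !== continueState) return { ok: false, reason: "state mismatch" };
  return { ok: true, claims };
}
```

In the Action itself, `api.redirect.validateToken` performs these checks against the state of the /continue request; the shared secret belongs in the Action's secrets rather than in code.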

