WordPress Invalid State


I have been having issues with using Auth0 in conjunction with WordPress. I know there are a lot of topics on this forum discussing this issue, but I have yet to find one that matches my issue.

I am attempting to use the Universal Login to have a user log in to view the site (we are using a plugin called My Private Site). I have followed the article on the Auth0 site (https://auth0.com/docs/cms/wordpress/invalid-state), but when I get to the second step, the auth0_state cookie is not set. When looking at the console once I get to the Invalid state error, it looks like Iā€™m getting some kind of 500 error in lock.min.js at ln9.

I have also tried disabling the plugin and just using Auth0 to log in to the wp-admin side of the site, but the same thing seems to happen. Not exactly sure where to go from here. Thoughts?

1 Like


Welcome and thank you for posting in Auth0 Community! :partying_face: :tada:

The most common cause of the invalid state error is when the callback URL is cached on the server. Please try to exclude caching on your server for all the URLs listed in the Allowed Callback URLs field for your Application Settings in the Auth0 Dashboard and test again. In addition, exclude caching the site URL (/index.php on a regular install) if it has an Auth0 URL parameter.

Can you please PM me your tenant and can you generate a har file for us, so that we can see the requests/responses to auth0?