New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
{error: "invalid_token", errorDescription: "state
does not match."} using Universal login
#819
Comments
Hi, this doesn't look like a bug in the SDK. Looks like a bug in your code. Please reach out to our amazing support team at https://support.auth0.com so they can better assist you with your scenario. I'd start by trying to figure it out why the state stored in localStorage is not the same as the one being sent to /authorize. |
Thanks for the quick reply. Any hints as to why the state would be different? It's all being set by the Auth0 SDK from my understanding ( |
Hey @luisrudge so sorry to keep posting on a Here's what happens on the hosted page: The next call to I assume that's where the Again, I'm sorry to bother, but it seems to me that I can't really control this state change on my side. |
After you log in, what state is sent back to your application? The second state is internal to Auth0 and shouldn't be taken into consideration for this issue. Here's an example: https://brucke.club/ - if you click the "Universal Login Page" button, it will behave in the same way as your screenshot: But the state that the server sends back to the application is the correct one: |
Thank you @luisrudge, you were absolutely correct, the issue was with my code. Thanks for nudging me in the right direction! Here's a description of my situation for people finding this issue later: TLDR: Make sure In my case I was using the Router component incorrectly. I was using The fix was to use the So:
to
|
@giedrius-timinskis thanks for adding the full explanation here. I'm sure this will help people that have the same issue in the future. I'm glad you figured it out! |
Thanks @giedrius-timinskis for explaining what caused the error (handleAuthentication being called more than once). Mine was a little bit different though but the problem was the same, handleAuthentication was being called more than once. I was trying to implement hooks on all the components, and forgot to add the square bracket [] at the end of the useEffect hook that calls the handleAuthentication. |
Hello. I've been reading about this issue in Auth0 forums, and under the issues in this repo. None of the solutions seem to help or apply to my situation, I'm hoping you guys can help me out.
Here is a URL to reproduce the issue:
https://uts-tkd-app2.herokuapp.com/
Here are the relevant code snippets:
Auth.js
index.tsx
App.tsx
Just render method because the rest is irrelevantLogin.tsx
LoginResult.tsx
I can also share the access to codebase if needed, just need to clean up credentials and such before I do that.
One thing I noticed is that the
state
that is being saved in localStorage on pressing the Log in button on/login
is different from URL param in the hosted page (assuming that's the issue, but I have no clue as to why this is happening).Tested on Chrome Version 68.0.3440.106 on Windows, with Incognito mode both enabled and disabled.
I seem to experience the issue when using both SSO and manual signin/signup methods.
Using
"auth0-js": "^9.7.3"
.Any help would be appreciated, I've spent the last 5 hours bashing my head against this problem, trying different permutations of the same example over and over again.
Thank you!
The text was updated successfully, but these errors were encountered: