Infinite redirect loop, "Invalid authorization request state." #89
Comments
|
@michaloslav - It looks like your callback is not quite correct (likely the fault of the README directions, which I'll correct based on your feedback). Here is what I have on my machine: router.get('/callback', function (req, res, next) {
passport.authenticate('auth0', function (err, user, info) {
if (err) {
return next(err);
}
if (!user) {
// You'll need to define this route somewhere as well.
return res.redirect('/auth/failure?type=callbackFailure&info=' + JSON.stringify(info));
}
req.logIn(user, function (err) {
if (err) {
return next(err);
}
const returnTo = req.session.returnTo;
delete req.session.returnTo;
res.redirect(returnTo || '/user');
});
})(req, res, next);
});It looks like Login looks ok (and seems to be working if you're getting to the callback route) but, so you have it, here's what I've got on my local: router.get('/login', (req, res, next) => {
const authenticator = passport.authenticate('auth0', { scope: 'openid email profile' })
authenticator(req, res, next)
});Again, let me know if that helps and I'll update the examples. |
|
@joshcanhelp THANK YOU!!! Oddly enough I actually had the /callback route set up very similarly before but it still wouldn't work which is why I tried following the docs in this repo instead. Now that I think about it though, I probably didn't have Anyway, it's working now so again, thank you so much |
|
For those who have implemented the above answer but are still having issues, the problem might lie in your reverse proxy configuration if that's what you're using. Mine's running on Apache and I've described my solution here: https://stackoverflow.com/a/67891167/8221175 As for why this might happen for those interested: passport.authenticate('auth0', async (err: any, user: any, info: any) => {
if (err) {
return next(err);
}
if (!user) {
return res.redirect('/login');
}
// ... etc
})(req, res, next); However, if your reverse proxy or cookie/session settings aren't configured correctly, then your cookies might not persist. If that happens, the data in the When we arrive in the above code, passport tries to retrieve the Anyway, when that happens, passport cancels the authentication and provides the "Invalid authorization request state." message, and thus causes the If this is the problem, it has nothing to do with Auth0, but is rather likely caused by faulty configuration. The link to my SO answer above has examples of correct settings so you can fix this problem. |
I'm trying to get a basic Auth0 app running. I followed the Node example on the Auth0 dashboard but I ran into an infinite redirect loop between /login and /callback. I tried to simplify the code using the getting started example of this repo's readme, right now my routing code looks like this:
Everything about my setup follows the instructions I got on my Auth0 dashboard.
I did some digging and found out that /login is called twice, then /callback is called twice, then /login twice and so on and so on. I also found out that if I give the /callback's passport.authenticate a callback, it receives these arguments:
null, false, {message: "Invalid authorization request state."}Google didn't find anything meaningful when I searched for the phrase "Invalid authorization request state." and I did everything according to the docs. Any idea what I'm doing wrong?
[X] I have checked the Auth0 Community for related posts.
[X] I have checked for related or duplicate Issues and PRs.
[X] I have read the Auth0 general contribution guidelines.
[X] I have read the Auth0 Code of Conduct.
[X] I am reporting this to the correct repository (this issue might be for the base Passport library).
The text was updated successfully, but these errors were encountered: