amplify-js: Invalid state in OAuth flow
When I log in through the hosted UI, I am redirected to my domain with a code. All was working fine with version 1.1.23, when I upgraded to 1.1.25 I got an exception “Invalid state in OAuth flow”
The exception is thrown from
OAuth.prototype._validateState = function (urlParams) {
if (!urlParams) {
return;
}
var savedState = oAuthStorage.getState();
var returnedState = urlParams.state;
if (savedState !== returnedState) {
throw new Error('Invalid state in OAuth flow');
}
};
When I check savedState and returnedState, savedState is null and returnedState is undefined
- Device: MacBook Pro
- OS: 10.13.6
- Browser Chrome
- Version 73
[DEBUG] 36:20.15 AuthClass - getting current authenticted user ConsoleLogger.js:78 [DEBUG] 36:20.77 AuthClass - cannot load federated user from auth storage ConsoleLogger.js:78 [DEBUG] 36:20.78 AuthClass - get current authenticated userpool user ConsoleLogger.js:78 [DEBUG] 36:20.78 AuthClass - Failed to get user from user pool ConsoleLogger.js:88 [DEBUG] 36:20.79 AuthClass - The user is not authenticated by the error
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 18 (5 by maintainers)
II’m also getting this issue with my react application while using amplify. I have version 3.0.23.
EDIT:
I discovered the issue was due to my app client being configured with a client secret, which should not have been for the case of a react web application. I resolved this by creating a new app client and specifically unchecking “generate client secret” option and reconfigured my react app’s Cognito configurations with the new client_id.
Hi,
I am working on a fix for this, thanks for the patience.