microsoft-authentication-library-for-js: AuthError: Unexpected error in authentication.: Hash does not contain state.
I’m submitting a…
[ ] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:
Browser:
- Chrome version XX
- Firefox version XX
- IE version XX
- Edge version XX
- Safari version XX
Library version
1.0.0
Current behavior
Steps to reproduce.
- Attempt a B2C login flow using loginRedirect
- When asked to log in, click “reset password” (This will redirect back to the SPA)
- Catch the AuthError (AADB2C90118) and redirect the user to the password reset flow
- Click “cancel” on the password reset flow. (This redirects back to the SPA)
Now calling new UserAgentApplication(config) will error with the message:
AuthError: Unexpected error in authentication.: Hash does not contain state.
At this point you can’t recover. Even if you catch the error, clear session storage, and try to call new UserAgentApplication(config), it will still error again.
Expected behavior
After redirecting back to the SPA after the user clicks “cancel” msal should trigger your errorReceivedCallback and give it an error that can be recovered from.
About this issue
- State: closed
- Created 5 years ago
- Reactions: 12
- Comments: 24 (4 by maintainers)
Please re-open this issue. Getting the same problem; setting storeAuthStateInCookie to true does not resolve the problem.
Same issue here with Google Chrome (build 80.0.3987.122). Regular login works, but when using a custom Sign Up policy we receive the AuthError: Unexpected error in authentication.: Hash does not contain state. error.
I have the same problem. In my case the browser is Edge Chromium and I can’t get the password reset flow to work with AD B2C; if the user cancels or completes the flow I get the error.
Note: I have storeAuthStateInCookie set to true.
With msal 1.3.1 error still present.
Same as @jeverduzco. I am having the issue in Edge Chromium when using the password reset flow in AD B2C. I also have storeAuthStateInCookie set to true
I see a lot of people have this problem.
Reason: AAD for some reason loses state on the reset password flow. What is state? MSAL records a string on your page before the redirect to AAD, and compares it to the response that you got after redirecting from AAD, to ensure that the request to AAD was issued by the user's browser.
How to fix it?
And if you, like me, experienced a number of other issues, I would recommend rewriting msal altogether.
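The state check described in the comment above, as an added example (not MSAL's code and not from any commenter in this thread). It also shows a response with no state being rejected through a return value the app can handle, as the issue's expected behavior asks. STATE_KEY, beginRedirect and handleRedirectHash are hypothetical names, a Map stands in for sessionStorage, and the sample hashes are constructed.

```javascript
// Added example: state check for a redirect-based login. Not MSAL source code.
// STATE_KEY, beginRedirect and handleRedirectHash are hypothetical names.
const webCrypto = globalThis.crypto ?? require("crypto").webcrypto;
const STATE_KEY = "demo.auth.state";

// Before redirecting: store a fresh, unguessable value and send it as `state`.
function beginRedirect(storage) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  storage.set(STATE_KEY, state);
  return state;
}

// After returning: classify the URL fragment and return a result the caller
// can act on, instead of throwing from a constructor.
function handleRedirectHash(hash, storage) {
  const params = new URLSearchParams(hash.replace(/^#\/?/, ""));
  const authKeys = ["id_token", "access_token", "code", "error"];
  if (!authKeys.some((k) => params.has(k))) return { kind: "not_auth_response" };

  const expected = storage.get(STATE_KEY);
  storage.delete(STATE_KEY); // a state value is single-use
  const returned = params.get("state");
  const error = params.get("error");

  if (!returned) {
    // Never accept tokens without state, but report it so the app can restart login.
    return { kind: "rejected", reason: "state_missing", error };
  }
  if (!expected || returned !== expected) {
    return { kind: "rejected", reason: "state_mismatch", error };
  }
  if (error) {
    return { kind: "error", error, description: params.get("error_description") };
  }
  return { kind: "success", params: Object.fromEntries(params) };
}

// Constructed sample run; a Map stands in for sessionStorage.
const demoStore = new Map();
const demoState = beginRedirect(demoStore);
console.log(handleRedirectHash(`#id_token=constructed.token&state=${demoState}`, demoStore));
beginRedirect(demoStore);
console.log(handleRedirectHash("#error=access_denied&error_description=constructed%20sample", demoStore));
```

A caller that receives state_missing or state_mismatch discards the response and starts a new login rather than reprocessing the same fragment.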
I am seeing the same error when redirecting from Sign Up v2
I am facing the same issue when the authorization flow is not triggered from msal. I am implementing a user invitation flow using a custom policy; the flow works fine, and after completion it redirects to the app, but msal raises the above error. How to handle this scenario?
In the beta (1.3.0-beta.1) version it works fine for me.
I am also getting this issue in the latest version of Firefox (74.0.1) and Chrome (81.0.4044.92). I have included storeAuthStateInCookie: true in my msal config.
My steps to reproduce are as follows:
Unhandled Rejection (AuthError): Unexpected error in authentication.: Hash does not contain state.
In my stack trace, the source of the error is when I initialize in my code:
new msal.UserAgentApplication(environment.msalConfig);
From there the stack trace is as follows (NOTE that this is in calling order, not reverse order like a stack trace):