Distinguish between Missing State and Invalid State
aveiros opened this issue · comments
Checklist
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the documentation and API documentation, and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
Often users hit the back button and land on the callback url with callback parameters (code + state) and we have no way to know (?) when an "Invalid state" error was caused by missing state or invalid state (state mismatch).
We would like to take different routes depending on each of the scenarios above.
Describe the ideal solution
Maybe use GenericError
with a different error property in order to distinguish these two scenarios.
Alternatives and current workarounds
None (? i believe).
Additional context
No response
Thanks for reaching out, I believe that's a fair request and opened a PR to accommodate for this.