Distinguish between Missing State and Invalid State

Question

Distinguish between Missing State and Invalid State

aveiros opened this issue a year ago · comments

Checklist

I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
I have looked into the documentation and API documentation, and have not found a suitable solution or answer.
I have searched the issues and have not found a suitable solution or answer.
I have searched the Auth0 Community forums and have not found a suitable solution or answer.
I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

Often users hit the back button and land on the callback url with callback parameters (code + state) and we have no way to know (?) when an "Invalid state" error was caused by missing state or invalid state (state mismatch).

We would like to take different routes depending on each of the scenarios above.

Describe the ideal solution

Maybe use GenericError with a different error property in order to distinguish these two scenarios.

Alternatives and current workarounds

None (? i believe).

Additional context

No response

Frederik Prijck · Answer 1 · Mon May 22 2023 16:58:38 GMT+0800 (China Standard Time)

Thanks for reaching out, I believe that's a fair request and opened a PR to accommodate for this.