“Invalid State” Error upon Login

  • Hello,
    A couple of days ago I’ve installed and activated the Auth0 plugin for WordPress. I went to the login page, entered my credentials and encountered the common “Invalid State” error coupled with a 500 error.

    Things I have tried:
    *Checked for errors in the console, nothing there.
    *Turned on cookies for my browser.

    I’ve verified the Auth0 logs in the dashboard, and it shows that the login was successful.
    I’ve set the WP_DEBUG constant in wp-config.php to True and looked for any errors (In special the “BeforeValidException”), but did not find anything other than a few unrelated warnings.
    On the WP-Engine “General Settings” I purged all caches.
    Details:
    PHP version: 7.3
    Auth0 Plugin version: 3.11.1

    Any help is appreciated. Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

  • Sorry for the trouble @sdasilva. We’ve got a guide to how to troubleshoot this here:

    https://auth0.com/docs/cms/wordpress/invalid-state

    Thread Starter sdasilva

    (@sdasilva)

    @auth0josh
    Thank you for the reply. I’ve followed the troubleshoot guide, however I wasn’t very luck in determining the exact problem. Here is what is happening with me as I follow the guide:

    • On step 2, I am asked to check if the auth0_state is being set. It is not. I then checked the console for errors and saw only the 500 response at index.php
    • I proceeded to adding the suggested snippet to the top of my wp-config.php file. I tried to login in this manner and saw a non-empty Array(). Because it was not an empty value, I did as told and checked the response headers for the callback URL loaded. There were NO responses listed with a 500 this time, I actually got a 200 OK response from the index. I did however find some evidence of caching, with a max-age= =600 and x-cache: HIT: 1.In the response headers I did not find the directive auth0_state=deleted, but I did see in the Cookies tab that auth0_state has a set value.
    • There was some evidence of caching, but the behavior did not quite match what was described in the guide. I then proceeded to edit the WP_Auth0_LoginManager.php file. The guide suggests adding some code just before a specific line, however it seems the code was updated and the link in the guide no longer points to the correct location of where to add the code. I had to do some guesswork and added it here
      After trying to login again, I can confirm that the state parameter in the $_REQUESTdoes not match the auth0_state of the $_COOKIE, which returns only an empty array.

    All this seems to suggest that the cookie did change at some point, but I am not sure what to do form this point forward. What do you recommend? Thank you.

    • This reply was modified 5 years, 2 months ago by sdasilva.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘“Invalid State” Error upon Login’ is closed to new replies.