SocialError : The state parameters did not match (CSRF attack?).
kueckermann
started a topic
over 9 years ago
Hey there,
I'm trying to set up login with Facebook on my webapp.
If I call _Kinvey.Social.connect(null, 'facebook')_ and wait when the new page opens and connects to facebook, then when it closes and goes back to my app's page I get this error:
**debug: "The state parameters did not match (CSRF attack?)."
description: "The social identity cannot be obtained."
name: "SocialError"**
But if, as soon as the new page opens to connect to Facebook, I change tabs back to my app's webpage, then when the connection with Facebook is done, it is successful.
Hope this makes sense. Just to reiterate: if I wait for the automatic change back to my web app then it fails, but if I change manually back to my web app before the automatic change happens then it succeeds.
Any idea why?
Thanks.
Are you using any other libraries? I suspect some client-side routing mechanism rewrites the url and strips out the state parameter. What is the URL you’re redirecting back to?
kueckermann
said
over 9 years ago
Hmm, yeah, that could be. I am rewriting my URLs. I will take a look into it first thing Monday and post back if the problem was solved. Thanks!
kinance
said
over 9 years ago
I'm also seeing the same error. What redirect URL should I put in Facebook? My login page is located at http://localhost:8000/#/tab/account. I put http://localhost:8000/ as my website URL.
kalvin
said
over 9 years ago
I'm having the same issue.... localhost as the URL, just using the demo code here:
https://github.com/Kinvey/SignIn-Angular
Twitter works but not Facebook.
Mark
said
over 9 years ago
The problem is the Angular router uses a `#` for its routing. So the URL after the redirect back cannot be read successfully. I think this is solvable by manually specifying the redirect URL:
That wasn't able to fix my problem. So, my page starts off as http://localhost:8080/#/discover. Click on sign-in, and I've tried setting the redirect to both http://localhost:8080 and localhost:8080/#/discover, but neither work. Going straight to localhost:8080 redirects to http://localhost:8080/#/discover.
kueckermann
said
over 9 years ago
Hey I am also still having problems. I did find the reason why but I am not sure how to solve it.
In my application, when the user loads the page I call history.replaceState to fix any bad URLs the user may have typed in. If I call replaceState to set the URL to the correct URL, it causes the Facebook login to stop working.
I have also tried making the state variable on replaceState set to null, like it is if I don't call replaceState, but this didn't help. It seems the only way to fix the issue is not to use replaceState or pushState? Does anyone know a way around this?
kinance
said
over 9 years ago
Me too. The manual redirect doesn't work. I also run the demo in iOS simulator, encountering the same error "The state parameters did not match (CSRF attack?).". But running the demo on localhost:8000, it can work sometimes.
Mark
said
over 9 years ago
The trick is to intercept the url and avoid the redirect somehow. This seems more an AngularJS routing problem though, so I’d recommend using the [AngularJS boards](https://groups.google.com/forum/#!forum/angular).
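Added example, not part of the thread and not Kinvey SDK code: a minimal OAuth `state` check showing why rewriting the URL before the callback is read makes the check fail, and why capturing the parameters first avoids it. The function names, the `Map` standing in for `sessionStorage`, and the assumption that the callback parameters arrive in the query string are all hypothetical.

```javascript
// Added example; function names are hypothetical, not Kinvey SDK APIs.
// A Map stands in for sessionStorage so the code also runs under Node.
const store = new Map();
// Constructed callback URL (assumes parameters arrive in the query string).
const SAMPLE_CALLBACK =
  'http://localhost:8080/?code=constructed-code&state=constructed-state';

// Before redirecting to the provider: create and remember an unguessable state.
function beginLogin() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
  store.set('oauth_state', state);
  return state;
}

// Read the callback parameters from the URL the provider redirected back to.
function captureCallback(href) {
  const q = new URL(href).searchParams;
  return q.has('state') || q.has('code')
    ? { state: q.get('state'), code: q.get('code') }
    : null;
}

// Accept the code only if the returned state equals the stored one (single use).
function verifyCallback(cb) {
  const expected = store.get('oauth_state');
  store.delete('oauth_state');
  if (!cb || !cb.state || !expected) return { ok: false, reason: 'state missing' };
  if (cb.state !== expected) return { ok: false, reason: 'state mismatch' };
  return { ok: true, code: cb.code };
}

// Stand-in for startup code that forces a canonical hash route, the way a
// router or a history.replaceState() call does; the query string is dropped.
function canonicalize(href) {
  return new URL(href).origin + '/#/discover';
}

// Page load after the redirect, in the two possible orders:
// captureFirst=false reads the URL only after it has been rewritten.
function onLoad(href, captureFirst) {
  const early = captureFirst ? captureCallback(href) : null;
  const shown = canonicalize(href); // what the address bar ends up showing
  return verifyCallback(early || captureCallback(shown));
}
```

The check itself should stay strict: the fix is to read the callback before any URL normalization runs, not to relax or skip the comparison.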
kinance
said
over 9 years ago
Thanks. Will look in the AngularJS board. I noticed that when I run the demo using phonegap in iOS simulator, it doesn't redirect or pop up the facebook login screen. Does anyone know how to enable the redirect/popup?
kueckermann
said
over 9 years ago
I solved this by opening a new window without rewriting any urls and once the login was complete, returned to the previous window. Probably the way I should have done it in the beginning anyway. Works great.
jdixon04
said
almost 9 years ago
> @kueckermann said:
> I solved this by opening a new window without rewriting any urls and once the login was complete, returned to the previous window. Probably the way I should have done it in the beginning anyway. Works great.
Hi, any chance you could elaborate on this? My sign in page is at localhost:3000/#/signin and when I attempt to login with facebook, it opens a new popup with the url of localhost:3000/undefined, closes the window, and returns to the same sign in page. Yet it does create a user in the users table.
Stuck.
jdixon04
said
almost 9 years ago
I did try the manual redirect, but had no luck.
jdixon04
said
almost 9 years ago
> @kalvin said:
> That wasn't able to fix my problem. So, my page starts off as http://localhost:8080/#/discover. Click on sign-in, and I've tried setting the redirect to both http://localhost:8080 and localhost:8080/#/discover, but neither work. Going straight to localhost:8080 redirects to http://localhost:8080/#/discover.
Same scenario for me. Were you able to resolve this?