SocialError : The state parameters did not match (CSRF attack?).

Hey there,

I'm trying to set up login with Facebook on my web app.

If I call _Kinvey.Social.connect(null, 'facebook')_ and wait while the new page opens and connects to Facebook, then when it closes and goes back to my app's page I get this error:

```
debug: "The state parameters did not match (CSRF attack?)."
description: "The social identity cannot be obtained."
name: "SocialError"
```

But if, as soon as the new page opens to connect to Facebook, I change tabs back to my app's webpage, then when the connection with Facebook is done, it is successful.

Hope this makes sense. Just to reiterate: if I wait for the automatic change back to my web app then it fails, but if I change manually back to my web app before the automatic change happens then it succeeds.

Any idea why?


The problem is the Angular router uses a `#` for its routing. So the URL after the redirect back cannot be read successfully. I think this is solvable by manually specifying the redirect URL:


```
Kinvey.Social.connect(null, 'facebook', { redirect: 'http://localhost:8000/' });
```

I'm having the same issue.... localhost as the URL, just using the demo code here:

Twitter works but not Facebook.

I'm also seeing the same error. What redirect URL should I put in Facebook? My login page is located at http://localhost:8000/#/tab/account. I put http://localhost:8000/ as my website URL.

Hmm, yeah, that could be. I am rewriting my URLs. I will take a look into it first thing Monday and post back if the problem was solved. Thanks!

Are you using any other libraries? I suspect some client-side routing mechanism rewrites the URL and strips out the state parameter. What is the URL you’re redirecting back to?
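
The failure mode discussed in this thread, as an added example that is not part of the original posts and is not Kinvey's code: a generic OAuth 2.0 `state` check, read once before and once after a hash router has rewritten the callback URL. All function names are hypothetical, `hashRouterRewrite` is a constructed stand-in for a client-side router, and the callback values are placeholders.

```javascript
// Added example: generic OAuth 2.0 "state" check, not Kinvey's implementation.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Create an unguessable value that binds the callback to this login attempt.
function newState() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Read code/state from a callback URL; they may arrive in the query string
// or in the fragment, so both are checked.
function readCallback(callbackUrl) {
  const url = new URL(callbackUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#\/?/, ''));
  return {
    code: url.searchParams.get('code') ?? fragment.get('code'),
    state: url.searchParams.get('state') ?? fragment.get('state'),
  };
}

// Compare without an early exit; a missing state always fails the check.
function stateMatches(expected, received) {
  if (typeof received !== 'string' || received.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ received.charCodeAt(i);
  }
  return diff === 0;
}

// Hypothetical stand-in for a hash router that normalises the address to a
// route once the app boots, dropping the provider's query string.
function hashRouterRewrite(callbackUrl, route) {
  const url = new URL(callbackUrl);
  return `${url.origin}${url.pathname}#${route}`;
}

// Constructed callback for one login attempt (placeholder values).
function demo() {
  const expected = newState();
  const callback = `http://localhost:8000/?code=CONSTRUCTED_CODE&state=${expected}`;
  const early = readCallback(callback);
  const late = readCallback(hashRouterRewrite(callback, '/tab/account'));
  return {
    beforeRouter: stateMatches(expected, early.state), // read before routing
    afterRouter: stateMatches(expected, late.state),   // read after the rewrite
    forged: stateMatches(expected, newState()),        // state from another attempt
  };
}
```

The check cannot tell a stripped `state` from a forged one, which is why a routing problem surfaces as a CSRF warning. Reading and verifying the callback parameters before the router initialises keeps the check meaningful.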