Start a new topic

SocialError : The state parameters did not match (CSRF attack?).

Hey there,



Im trying to setup login with facebook on my Webapp.



If I call _Kinvey.Social.connect(null, 'facebook')_ and wait when the new page opens and connects to facebook, then when it closes and goes back to my app's page I get this error:

**debug: "The state parameters did not match (CSRF attack?)."

description: "The social identity cannot be obtained."

name: "SocialError"**



But if, as soon as the new page opens to connect to facebook, I change tabs back to my apps webpage then when connection with facebook is done, it is successful.



Hope this makes sense. Just to reiterate. If I wait for the automatic change back to my web app then it fails but it I change manually back to my web app before the automatic change happens then it succeeds.



Any idea why?



Thanks.

Hey,



I setup mine in such a way that, when the user clicks login with facebook I redirect the page to a blank page ( Redirect the current page, not opening a new tab ). On this blank page I run Kinvey's Social Login,



var promise = Kinvey.Social.connect(null, "facebook");

promise.then(function(user) {

// Set logged in cookie or some alternative.

// Redirect to what ever url is relevant.

...

}, function(error) {

// Show error.

// Redirect back to signup.

...

});



On the success callback I do something that tells my server that the user is now logged in (In my case, set a cookie), and I redirect the page back to something. ( In my case I redirect to the root url [ www.somewebsitehere.com/ ] and since my server knows there is now a user logged in it serves the logged in page )



It's a bit easier it this way since the redirects are very controlled. Since a set mine up in this way I haven't had that error at all.



Let me know if I should elaborate on something. Hope it can help you solve your issue.
> @kueckermann said:

> Hey,

>

> I setup mine in such a way that, when the user clicks login with facebook I redirect the page to a blank page ( Redirect the current page, not opening a new tab ). On this blank page I run Kinvey's Social Login,

>

> var promise = Kinvey.Social.connect(null, "facebook");

> promise.then(function(user) {

> // Set logged in cookie or some alternative.

> // Redirect to what ever url is relevant.

> ...

> }, function(error) {

> // Show error.

> // Redirect back to signup.

> ...

> });

>

> On the success callback I do something that tells my server that the user is now logged in (In my case, set a cookie), and I redirect the page back to something. ( In my case I redirect to the root url [ www.somewebsitehere.com/ ] and since my server knows there is now a user logged in it serves the logged in page )

>

> It's a bit easier it this way since the redirects are very controlled. Since a set mine up in this way I haven't had that error at all.

>

> Let me know if I should elaborate on something. Hope it can help you solve your issue.



Thanks for the reply! Are you using ngRoute or ui-router? I'm using ui-router and when the popup comes up, it's pointing to localhost:3000/undefined and I can't seem to figure out why.
No, sorry Im routing pages by changing location.href. Are you using angular js? Are you setting up a single page web and switching pages with ajax?
Ah, didn't realize that. Yes, using Angular and the Angular SDK.
Ok. I don't really Angular that well. I hope you manage to figure it out :smile:
> @Mark said:

> The problem is the Angular router uses a `#` for its routing. So the URL after the redirect back cannot be read successfully. I think this is solvable by manually specifying the redirect URL:

>

> ```

> Kinvey.Social.connect(null, 'facebook', { redirect: 'http://localhost:8000/' });

> ```



Mark, do you have any official resolution to this? I'm running into the same issue and haven't been able to resolve it.
Login or Signup to post a comment