
Auth0 invalid state parameter in go lang

Open securisec opened this issue 5 years ago • 0 comments

I have been following the Auth0 Go example here, and it works fine when I am testing it locally, but when I deploy my test app, when going through the flow, I am getting an invalid state parameter.

I can see that the error is happening in this code block:

```go
if r.URL.Query().Get("state") != session.Values["state"] {
	// BUG it is failing here in prod
	http.Error(w, "Invalid state parameter", http.StatusBadRequest)
	return
}
```

If I highlight the URL in the browser and press enter, the auth will work fine as expected and redirect me accordingly. It appears to me this is happening because the session cookie being generated by gorilla/sessions might not be ready on the first attempt, but on the second attempt it is, but this is a strict assumption.

Note: This issue does not happen when testing locally, but when I am deployed behind a Traefik load balancer.

I made sure that I am setting the pragma: no-cache header assuming that the browser, but that's not it.

Any ideas how to overcome this issue on a deployed app (the app is behind an HTTPS URL)?

securisec, Jan 05 '21 19:01
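An added example, not part of the original issue or of Auth0's sample: a state check that reports separately whether the callback arrived without the stored state or with a different value, so server logs show which of the two produced "Invalid state parameter". It assumes a plain cookie in place of gorilla/sessions, and the cookie name `oauth_state` and the function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

const stateCookie = "oauth_state" // hypothetical cookie name (assumption)

var (
	ErrNoStateCookie = errors.New("state cookie not sent with callback")
	ErrStateMismatch = errors.New("state parameter does not match cookie")
)

// BeginLogin stores a fresh random state in a cookie and returns the
// value to place in the authorize URL's state parameter.
func BeginLogin(w http.ResponseWriter) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(b)
	http.SetCookie(w, &http.Cookie{Name: stateCookie, Value: state, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode, MaxAge: 600})
	return state, nil
}

// CheckState distinguishes an absent cookie from a mismatching value.
func CheckState(r *http.Request) error {
	c, err := r.Cookie(stateCookie)
	if err != nil || c.Value == "" {
		return ErrNoStateCookie
	}
	got := r.URL.Query().Get("state")
	// Constant-time comparison of the query value with the stored value.
	if subtle.ConstantTimeCompare([]byte(got), []byte(c.Value)) != 1 {
		return ErrStateMismatch
	}
	return nil
}

func main() {
	// Constructed callback request that carries no cookie.
	r, _ := http.NewRequest("GET", "/callback?state=abc", nil)
	fmt.Println(CheckState(r))
}
```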