Hi ,
Welcome to the Support Portal. How can we help?
Follow

"The state received from the authority server is invalid"

Table of Contents

 

Error message

2020-01-20 11:05:56.430 WARN [10] w365support uid(null) NDAW.Html.Front.OAuth2.OAuth2StateService - Given authentication state's issued date `1/20/2020 8:14:33 AM` is older then `00:05:00` from now `1/20/2020 10:05:56 AM`

state.PNG

This could be happening if the request state is older than 5 minutes or the request state is invalid.

  • State is older than 00:05:00 (5 minutes)
  • Requested state is wrong/reused

 

State is older than 00:05:00 (5 minutes)

If you navigate to the workspace with oAuth2 configured, you will be redirected to the Authority (Azure AD or, if it's a federated domain, to the ADFS). The oAuth2 protocol demands a request state from the application (Workspace 365). In this case, the request state is the exact time of the redirect to the Authority. When you are redirected and you're not completing the sign-in process within these 5 minutes, the request state is older than 00:05:00 (5 minutes). This happens occasionally when you have set the workspace as start page and the user is not signing in within this time frame.

 

Requested state is wrong/reused

If you navigate to your workspace URL e.g. https://stable.workspace365.me/w365support you will find out that you are redirected to the sign in page of your Authority. In this case, the SSO application created in Azure AD.

wrong_or_reused.PNG

Occasionally, users bookmark this page. In the current URL (listed below) the request state is included. Every time they open the bookmark, they will be prompted that the request state is invalid. 

https://login.microsoftonline.com/w365support.onmicrosoft.com/oauth2/authorize?client_id=7c9fb7fe-5642-4809-be5d-9ad7d0a8934a&resource=7c9fb7fe-5642-4809-be5d-9ad7d0a8934a&response_type=code&redirect_uri=https%3a%2f%2fstable.workspace365.me%2fw365support%2fOAuth2%2fHandleAuthorityResponse&state=I2O-crv_rjp_GVVBWiliW4DWPsjDggCNtexUkp-6jTQ5W9ymMGg4BZVlJtjvJfZfshSPSn0A_MWgZ8B8Tegp0u7iktx3mq2Fl5rF-ZttASM4kMrx4nA2VJwWqBgQKeuuQ0-O-n6C58L3yYtX8AfiQfbzibhKmVcgCMdedEgfkyB1uGC4Lg3t8T3S4brGRwZMWo2HZhzixGgUr7bZT3tE_0vOpml7vrcmhYAs_lfR6wyHagFudi6UEOCMgoPb8XVpJYlIYfdocRqana7y5RcWiklhlKSABRqpwsRfsBQpluk1

 

Solution

  1. If you are using Windows 10 with an Azure AD joined device, you can benefit from the full Single Sign-On experience by using Edge as browser or by installing the Windows 10 Accounts extension in Chrome.
  2. Click 'Retry'. 

Back to top