OAuth2 callback being invoked 2 times due to captcha
Hello Team, I'm integrating Auth0 (an OAuth2 provider) with Hubspot via the OAuth2 route. However, a captcha verification in the middle of the authorization workflow is invoking the callback back to Auth0 2 times with different codes. The first callback stays pending until I have clicked on the captcha, after which the callback gets canceled and a new callback gets initialized.
Since Auth0 (or any OAuth2 provider) embeds a state parameter to ensure security, the final callback is getting rejected. Any idea/suggestions on:
A. Why is the first callback request staying in the pending state?
B. How to avoid the second callback altogether?
OAuth2 callback being invoked 2 times due to captcha
Hello Teun, thank you for responding. The authentication flow is being triggered from a website, yes. This is the sequence of events that are happening.
1. We send the "authorize" request to the Hubspot endpoint:
https://app.hubspot.com/oauth/authorize?login_hint=&prompt=login&response_type=code&redirect_uri=htt...
2. Next up, I choose my account and log in. However, as you can see, the first callback request has already started.
3. Then the Captcha comes up, while the earlier callback request is ongoing
4. Finally, when I complete the captcha, the second callback request is sent and the earlier callback has been canceled. However, since the state parameter in both the callback is the same with different authorization codes generated by Hubspot, the OAuth2 server also rejects the second callback.
Callback #1 (canceled after completing the captcha): https://sybill-dev.us.auth0.com/login/callback?code=2f959928-07f2-4a5b-91a2-7e98c82808e3&state=xSy1H...
Callback#2 (rejected by our server because of the earlier callback): https://sybill-dev.us.auth0.com/login/callback?code=65563eea-4918-4271-a4fe-93a85f89eb5c&state=xSy1H...
Please let me know if there's anything else that I can provide to help you understand this error. Any help will be highly appreciated.
