FusionAuth

    Seeing "OAuth return is missing a valid CSRF token" message

    • dan

      I have an issue. When someone resets their password, they get a link in their email. Then when they click it, they get an error message, "OAuth return is missing a valid CSRF token", and see a FusionAuth error screen.

      How can I solve that?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      • dan @dan

        If this is isolated to one user, that's usually because the user is trying the flow across browsers or devices instead of completing the whole flow inside one browser.

        For example, they might be requesting the Change Password on their phone but then open up their email on a desktop and click the link. Thus the desktop browser would be missing the CSRF token from the beginning of the flow.

        This can also happen if they request it on Chrome, but click the link in the email in Firefox (or even Incognito/Private browser vs normal).

        If it is more widespread (across many users) then it is probably something else, like a theme issue.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
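
The cross-browser failure described in the answer above, as an added example that is not part of the original posts and is not FusionAuth's code: a simplified model in which the CSRF token lives in the cookie jar of the browser that started the flow. The `Browser` class, the `csrf` cookie name, `SERVER_KEY` and the HMAC binding are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment signing key


class Browser:
    """One cookie jar: a browser profile on one device (constructed model)."""
    def __init__(self):
        self.cookies = {}


def _bind(csrf_token, user):
    # Tie the emailed link to the CSRF token held by the browser that asked for it.
    msg = f"{user}:{csrf_token}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def start_reset(browser, user):
    """Start of the flow: set the CSRF cookie, return the link that goes in the email."""
    token = secrets.token_urlsafe(32)
    browser.cookies["csrf"] = token
    return {"user": user, "state": _bind(token, user)}


def complete_reset(browser, link):
    """Link clicked: the browser presenting it must hold the matching cookie."""
    token = browser.cookies.get("csrf")
    if token is None:
        return "rejected: missing CSRF token"
    if not hmac.compare_digest(_bind(token, link["user"]), link["state"]):
        return "rejected: CSRF token does not match this flow"
    return "ok"


def demo():
    phone, desktop, firefox = Browser(), Browser(), Browser()
    link = start_reset(phone, "user@example.com")  # requested on the phone
    cross = complete_reset(desktop, link)          # email opened on the desktop
    same = complete_reset(phone, link)             # email opened on the phone
    start_reset(firefox, "user@example.com")       # unrelated flow in another browser
    other = complete_reset(firefox, link)          # that browser holds a different token
    return cross, same, other


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The desktop and Firefox cases are rejected even though the link itself is genuine, which is why a single affected user usually points to a cross-browser or cross-device click rather than a server fault.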

        • dan has marked this topic as solved
        • brad

          Duplicate post
