Invalid Login State with Google

Overview
A user logging in with Google may get the following error, even if the default login route is set:

You may have pressed the back button

To reproduce this issue, follow these steps:
  1. Log in using a Google account that has not consented to share information during the OAuth flow.
  2. On the Google OAuth consent page, throttle your internet connection to Slow 3G (this helps reproduce the next step), then click Continue to consent to sharing information with our app.
  3. While the callback (`https://<tenant_domain>/login/callback?...`) is in flight, click Continue again. This triggers another request to Google and results in another callback with a different auth code.

 
Applies To
  • Google Connection
  • Authentication
Cause
When this article was created, the Google consent form allowed multiple clicks on the Continue button. A second click causes Google to send a second authorization code to the tenant `/login/callback` endpoint after Auth0 has already processed the first one successfully, which results in the error.
Solution
When this happens, the default login route is not used.
  • A workaround is to set a custom error page and handle it there by checking the query string parameters appended to the URL.
  • At this point, a redirection can be issued back to the app to start the login flow again.
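
One way to implement the workaround above, as an added example that is not Auth0's own code. It assumes the custom error page receives `client_id` and `error_description` query parameters; the client ID, URLs, storage key and element ID are constructed placeholders.

```javascript
// Added example: decision logic for a custom error page. All names and
// values here are assumptions for illustration, not Auth0's own code.

// Fixed allow-list: client_id -> URL that starts the login flow again.
// The redirect target is never read from the query string itself.
const LOGIN_ENTRY_POINTS = new Map([
  ["exampleClientId123", "https://app.example.com/login"], // constructed
]);

// Message quoted in the article for this failure.
const STALE_STATE_TEXT = "You may have pressed the back button";
const MAX_RETRIES = 1; // stop after one automatic restart to avoid a loop

function decideErrorPageAction(search, retriesSoFar) {
  const params = new URLSearchParams(search);
  const description = params.get("error_description") || "";
  const loginUrl = LOGIN_ENTRY_POINTS.get(params.get("client_id") || "");

  const isStaleState = description.includes(STALE_STATE_TEXT);
  if (isStaleState && loginUrl && retriesSoFar < MAX_RETRIES) {
    return { action: "redirect", url: loginUrl };
  }
  // Unknown client, different error, or retry budget used up: show the error.
  return { action: "show_error", url: null };
}

// Browser glue: runs only when loaded in a page.
if (typeof window !== "undefined") {
  const key = "loginRestartCount"; // hypothetical sessionStorage key
  const retries = Number(window.sessionStorage.getItem(key) || "0");
  const decision = decideErrorPageAction(window.location.search, retries);
  if (decision.action === "redirect") {
    window.sessionStorage.setItem(key, String(retries + 1));
    window.location.replace(decision.url);
  } else {
    document.getElementById("error-box").hidden = false; // hypothetical element
  }
}
```

Keeping the redirect target in a fixed map keyed by `client_id` means a crafted link to the error page cannot turn it into an open redirect, and the retry cap keeps a persistent failure from bouncing the user between the app and the error page.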
