Understanding StateMismatchError
MSAL verifies the state returned by the server with the original state as a security protocol. In case the state is different this exception is thrown.
Known issues
For apps when using a long Facebook Id observed to be 33 characters or more for example somelongemailaddressfortest@gmail.com, this exception is thrown. Embedded web view in desktop apps uses Internet Explorer and it truncates the URL to 2083 characters which causes the value of state parameter in the URL to be truncated. This causes the returned state to be different from the original state.
To mitigate please use .WithUseEmbeddedWebView(false)
and refer to Using web browsers (MSAL.NET).
References
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for