From 14903bc5da9c12399da8e92f1355362a4ad7e75d Mon Sep 17 00:00:00 2001
From: frederikprijck
Date: Tue, 30 May 2023 10:51:31 +0200
Subject: [PATCH] Fix missing invalid state errors with Generic Error
---
 __tests__/Auth0Client/getTokenSilently.test.ts | 16 +++++++++++++---
 __tests__/Auth0Client/loginWithPopup.test.ts | 18 ++++++++++++++----
 src/Auth0Client.ts | 4 ++--
 3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/__tests__/Auth0Client/getTokenSilently.test.ts b/__tests__/Auth0Client/getTokenSilently.test.ts
index 2c46b1cbc..e2cdd6f52 100644
--- a/__tests__/Auth0Client/getTokenSilently.test.ts
+++ b/__tests__/Auth0Client/getTokenSilently.test.ts
@@ -1835,9 +1835,19 @@ describe('Auth0Client', () => {
 })
 );

- await expect(auth0.getTokenSilently()).rejects.toThrowError(
- 'Invalid state'
- );
+ let error;
+
+ try {
+ await auth0.getTokenSilently();
+ } catch (e) {
+ error = e;
+ }
+
+ expect(error).toBeDefined();
+ expect(error.message).toBe('Invalid state');
+ expect(error.error).toBe('state_mismatch');
+ expect(error).toBeInstanceOf(Error);
+ expect(error).toBeInstanceOf(GenericError);
 });

 it('saves into cache', async () => {
diff --git a/__tests__/Auth0Client/loginWithPopup.test.ts b/__tests__/Auth0Client/loginWithPopup.test.ts
index f883ebb6a..1149192ee 100644
--- a/__tests__/Auth0Client/loginWithPopup.test.ts
+++ b/__tests__/Auth0Client/loginWithPopup.test.ts
@@ -34,6 +34,7 @@ import {
 DEFAULT_AUTH0_CLIENT,
 DEFAULT_POPUP_CONFIG_OPTIONS
 } from '../../src/constants';
+import { GenericError } from '../../src/errors';

 jest.mock('es-cookie');
 jest.mock('../../src/jwt');
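Review bot: In the getTokenSilently.test.ts hunk the new assertion `expect(error).toBeInstanceOf(GenericError)` needs `GenericError` in scope, yet the patch adds the `import { GenericError } from '../../src/errors';` line only to loginWithPopup.test.ts. If getTokenSilently.test.ts does not already import it above the visible hunk, this test will fail on the missing name rather than on the behaviour under test. As a style point, the mutable `error` plus try/catch can be replaced by holding the promise and asserting on it, e.g. `const p = auth0.getTokenSilently();` followed by `await expect(p).rejects.toBeInstanceOf(GenericError);` and `await expect(p).rejects.toMatchObject({ error: 'state_mismatch', message: 'Invalid state' });`. The same try/catch pattern is repeated in the loginWithPopup.test.ts hunk at -476.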
@@ -476,16 +477,25 @@ describe('Auth0Client', () => {

 it('throws error if state from popup response is different from the provided state', async () => {
 const auth0 = setup();
+ let error;

- await expect(
- loginWithPopup(auth0, undefined, undefined, {
+ try {
+ await loginWithPopup(auth0, undefined, undefined, {
 authorize: {
 response: {
 state: 'other-state'
 }
 }
- })
- ).rejects.toThrowError('Invalid state');
+ });
+ } catch (e) {
+ error = e;
+ }
+
+ expect(error).toBeDefined();
+ expect(error.message).toBe('Invalid state');
+ expect(error.error).toBe('state_mismatch');
+ expect(error).toBeInstanceOf(Error);
+ expect(error).toBeInstanceOf(GenericError);
 });

 it('calls `tokenVerifier.verify` with the `issuer` from in the oauth/token response', async () => {
diff --git a/src/Auth0Client.ts b/src/Auth0Client.ts
index 31d7387ba..c2ee187cb 100644
--- a/src/Auth0Client.ts
+++ b/src/Auth0Client.ts
@@ -379,7 +379,7 @@ export class Auth0Client {
 });

 if (params.state !== codeResult.state) {
- throw new Error('Invalid state');
+ throw new GenericError('state_mismatch', 'Invalid state');
 }

 const organizationId =
@@ -898,7 +898,7 @@ export class Auth0Client {
 const codeResult = await runIframe(url, this.domainUrl, authorizeTimeout);

 if (stateIn !== codeResult.state) {
- throw new Error('Invalid state');
+ throw new GenericError('state_mismatch', 'Invalid state');
 }

 const tokenResult = await this._requestToken(
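Review bot: The two throw sites in src/Auth0Client.ts (the popup hunk at -379 and the iframe hunk at -898) each spell out the literal pair `'state_mismatch', 'Invalid state'`, so the code callers branch on can drift between the two flows. A shared constant or a small private helper that both paths call would keep them identical. Since `error.error === 'state_mismatch'` now becomes part of the public contract, the check also deserves a comment such as `// state binds the authorize response to the request we started; fail closed on mismatch` and an `@throws` line on the public methods that reach it. Both enclosing methods start and end outside the hunks, so whether such documentation already exists cannot be seen here.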