I recently moved my Flarum installation from a subfolder (e.g., example.com/forums) to a subdomain (e.g., forums.example.com). Since making this change, I've been encountering the following error when users attempt to authenticate using OAuth:
FoF\OAuth\Errors\AuthenticationException
Invalid state
The error seems to originate from the following code snippet in vendor/fof/oauth/src/Controller.php:
if ($e->getMessage() === 'Invalid state' || $e instanceof IdentityProviderException) {
    throw new AuthenticationException($e->getMessage());
}
Additionally, I see a detailed error log being generated with server parameters, request attributes, cookies, and query parameters logged as part of the OAuth error handling.
Steps I Took
Moved Flarum from example.com/forums to forums.example.com.
Updated the config.php file to reflect the new URL.
Cleared caches using php flarum cache:clear.
Verified the OAuth credentials in the admin panel.
I suspect this issue might be related to CSRF security due to the Invalid state error, but I'm not sure how to resolve it. I have already tried removing and reinstalling the FoF OAuth extension, but the problem persists.
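
An added example, not part of the original post and not FoF OAuth or Flarum code: a small PHP 8 model of an OAuth state check, showing that the check passes only when the callback request carries the session cookie that was set at login start. The hosts, the /auth/provider path, the array keys and the function names are constructed for the illustration; case A is accepted, and cases B to D are rejected with the same message as in the post.

```php
<?php
// Added illustration (PHP 8+), not FoF OAuth or Flarum code. Hosts, paths and
// array keys are constructed for the example.

/** Would a browser attach this cookie to a request for $host$path? */
function cookieIsSent(array $cookie, string $host, string $path): bool
{
    $scope = rtrim($cookie['path'], '/');
    $pathOk = $scope === '' || $path === $scope || str_starts_with($path, $scope . '/');
    return $host === $cookie['host'] && $pathOk; // host-only cookie: exact host match
}

/** Login start: keep a random state in the session, hand the browser a cookie. */
function startLogin(array &$sessions, string $host, string $cookiePath): array
{
    $sid = bin2hex(random_bytes(16));
    $state = bin2hex(random_bytes(16));
    $sessions[$sid] = ['oauth2state' => $state];
    return [['sid' => $sid, 'host' => $host, 'path' => $cookiePath], $state];
}

/** Callback: the state in the query must equal the state in the caller's session. */
function handleCallback(array $sessions, array $cookie, string $host, string $path, string $queryState): string
{
    $sid = cookieIsSent($cookie, $host, $path) ? $cookie['sid'] : null;
    $expected = $sid === null ? null : ($sessions[$sid]['oauth2state'] ?? null);
    if ($expected === null || !hash_equals($expected, $queryState)) {
        return 'Invalid state'; // no session, or state does not match
    }
    return 'ok';
}

$sessions = [];

// A: cookie scoped to the new host root, callback returns to the same host.
[$cookie, $state] = startLogin($sessions, 'forums.example.com', '/');
echo 'A: ', handleCallback($sessions, $cookie, 'forums.example.com', '/auth/provider', $state), "\n";

// B: redirect URI registered with the provider still points at the old location.
echo 'B: ', handleCallback($sessions, $cookie, 'example.com', '/forums/auth/provider', $state), "\n";

// C: cookie path still set to the old subfolder on the new host.
[$stale, $state2] = startLogin($sessions, 'forums.example.com', '/forums');
echo 'C: ', handleCallback($sessions, $stale, 'forums.example.com', '/auth/provider', $state2), "\n";

// D: session present but the state was not issued to it (what the check is for).
echo 'D: ', handleCallback($sessions, $cookie, 'forums.example.com', '/auth/provider', $state2), "\n";
```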