Custom state leads to error after upgrading to 3.14.0

[MichdeJong]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.14.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

3.0.4

Public or Confidential Client?

Public

Description

We have an Angular application connected to Azure B2C. We have some instances where we pass a custom state parameter on our requests.
Since upgrading from msal-browser 3.1.0 to 3.14.0 (msal-angular 3.0.4 to 3.0.17) we are getting errors handling the redirect:
Error - Interaction type validation failed due to invalid_state: State was not the expected format

Error Message

[018faafb-8d9f-70a4-b219-89d5655425bf] : msal.js.browser@3.14.0 : Error - Interaction type validation failed due to invalid_state: State was not the expected format

	log	@	msal-instance.factory.ts:44
	executeCallback	@	Logger.mjs:83
	logMessage	@	Logger.mjs:76
	error	@	Logger.mjs:90
	getRedirectResponse	@	RedirectClient.mjs:188
	(anonymous)	@	RedirectClient.mjs:88
	(anonymous)	@	chunk-Y6Q6HMFU.js?v=e8ea7555:78
	ZoneAwarePromise	@	zone.js:2611
	__async	@	chunk-Y6Q6HMFU.js?v=e8ea7555:62
	handleRedirectPromise	@	RedirectClient.mjs:81
	(anonymous)	@	FunctionWrappers.mjs:74
	(anonymous)	@	StandardController.mjs:211
	(anonymous)	@	chunk-Y6Q6HMFU.js?v=e8ea7555:78
	ZoneAwarePromise	@	zone.js:2611
	__async	@	chunk-Y6Q6HMFU.js?v=e8ea7555:62
	handleRedirectPromiseInternal	@	StandardController.mjs:190
	(anonymous)	@	StandardController.mjs:173
	(anonymous)	@	chunk-Y6Q6HMFU.js?v=e8ea7555:78
	ZoneAwarePromise	@	zone.js:2611
	__async	@	chunk-Y6Q6HMFU.js?v=e8ea7555:62
	handleRedirectPromise	@	StandardController.mjs:160
	handleRedirectPromise	@	PublicClientApplication.mjs:204
	(anonymous)	@	azure-msal-angular.mjs:50
	invoke	@	zone.js:365
	onInvoke	@	core.mjs:14882
	invoke	@	zone.js:364
	run	@	zone.js:111
	(anonymous)	@	zone.js:2447

MSAL Logs

msal-issue-1716561570583.log

Network Trace (Preferrably Fiddler)

• Sent
• Pending

MSAL Configuration

auth: {
            clientId: "xxxxxx",
            authority: "https://login-dev.xxx.nl/xxxxx/B2C_1A_XXX",
            knownAuthorities: ["login-dev.xxx.nl"]
            redirectUri: "https://localhost:4201/auth",
            postLogoutRedirectUri: "https://mijn-dev.xxx.nl/afgemeld",
            navigateToLoginRequestUrl: true
        },
        cache: {
            cacheLocation: BrowserCacheLocation.SessionStorage,
            storeAuthStateInCookie: isIE, // set to true for IE 11
        },
        system: {
            loggerOptions: {
                loggerCallback,
                logLevel: LogLevel.Info,
                piiLoggingEnabled: false
            }
        }

Relevant Code Snippets

const endSessionRequest: EndSessionRequest = {
            postLogoutRedirectUri: "https://localhost:4201/",
            state: "myState",
            extraQueryParameters: { "ui_locales": "nl-NL"}
        };

this.msalService.logoutRedirect(endSessionRequest);

Reproduction Steps

Log in
Execute the logoutRedirect with and EndSessionRequest with a custom value for state
Observe the error when handling the redirect back to the application

Expected Behavior

No error is shown and the state can be read from the query parameter

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome

Regression

@azure/msal-browser 3.1.0

Source

External (Customer)