diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md
index fb538ec2..471c2b3e 100644
--- a/docs/oidc-client-ts.api.md
+++ b/docs/oidc-client-ts.api.md
@@ -351,7 +351,7 @@ export class OidcClient {
 processSignoutResponse(url: string): Promise;
 // (undocumented)
 readSigninResponseState(url: string, removeState?: boolean): Promise<{
- state: SigninState;
+ state: SigninState | undefined;
 response: SigninResponse;
 }>;
 // (undocumented)
diff --git a/src/OidcClient.ts b/src/OidcClient.ts
index 29f3a7cb..d4422325 100644
--- a/src/OidcClient.ts
+++ b/src/OidcClient.ts
@@ -152,7 +152,7 @@ export class OidcClient {
 return signinRequest;
 }
- public async readSigninResponseState(url: string, removeState = false): Promise<{ state: SigninState; response: SigninResponse }> {
+ public async readSigninResponseState(url: string, removeState = false): Promise<{ state: SigninState|undefined; response: SigninResponse }> {
 const logger = this._logger.create("readSigninResponseState");
 const response = new SigninResponse(UrlUtils.readParams(url, this.settings.response_mode));
@@ -163,12 +163,8 @@ export class OidcClient {
 }
 const storedStateString = await this.settings.stateStore[removeState ? "remove" : "get"](response.state);
- if (!storedStateString) {
- logger.throw(new Error("No matching state found in storage"));
- throw null; // https://github.com/microsoft/TypeScript/issues/46972
- }
- const state = await SigninState.fromStorageString(storedStateString);
+ const state = storedStateString ? await SigninState.fromStorageString(storedStateString) : undefined;
 return { state, response };
 }
@@ -183,6 +179,11 @@ export class OidcClient {
 extraHeaders = { ...extraHeaders, "DPoP": dpopProof };
 }
+ if (!state) {
+ logger.throw(new Error("No state was found in storage or response"));
+ throw null; //
+ }
+
 /**
 * The DPoP spec describes a method for Authorization Servers to supply a nonce value
 * in order to limit the lifetime of a given DPoP proof.
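Review bot: With the throw removed in the `@@ -163,12 +163,8 @@` hunk of src/OidcClient.ts, `readSigninResponseState` no longer rejects a response whose `state` has no stored entry; it resolves with `state: undefined`, and every caller now has to make that check itself. The method is public and the API report lists it as `// (undocumented)`, so the new contract belongs on the method, e.g. `/** Resolves with state undefined when no stored entry matches the response's state parameter; such a response is unverified and must not be processed further. */`. The diff adds one guard in a later function and a branch in `UserManager.signinCallback`; any other caller is not visible here and would need the same check.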
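Review bot: The guard added in the `@@ -183,6 +179,11 @@` hunk ends in `throw null; //` with an empty comment; the line removed earlier in this file carried the reason, so it should read `throw null; // https://github.com/microsoft/TypeScript/issues/46972`. The guard also sits after the block that sets the `DPoP` header, so that work appears to run for a response whose state this client never stored; placing `if (!state)` directly after the state is read would reject such a response first. The enclosing function starts and ends outside the hunk, so where `state` is obtained is assumed rather than seen.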
diff --git a/src/UserManager.ts b/src/UserManager.ts
index e515fccd..e013ae67 100644
--- a/src/UserManager.ts
+++ b/src/UserManager.ts
@@ -394,6 +394,13 @@ export class UserManager {
 */
 public async signinCallback(url = window.location.href): Promise {
 const { state } = await this._client.readSigninResponseState(url);
+
+ // if no state from storage, assume signin popup
+ if (state === undefined) {
+ await this.signinPopupCallback(url);
+ return undefined;
+ }
+
 switch (state.request_type) {
 case "si:r":
 return await this.signinRedirectCallback(url);
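Review bot: A missing storage entry is the only condition behind the new `if (state === undefined)` branch, and it is not evidence that the page is a popup: a redirect callback whose `state` is stale, or was never issued by this client, now takes the same path and resolves to `undefined` where it used to fail with "No matching state found in storage". The branch should confirm the popup context first and keep the error otherwise, e.g. `if (!window.opener) throw new Error("No matching state found in storage");` ahead of the `signinPopupCallback(url)` call. What `signinPopupCallback` does with the URL is outside the hunk, so it should be confirmed that the window receiving it validates `state` against its own store before the response is used. The comment would be more precise as `// no stored state in this window: only expected in a popup whose opener holds the state`.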