-
Notifications
You must be signed in to change notification settings - Fork 396
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v4.0.7-beta.7 "InvalidStateError: The state parameter is invalid" in callback #1821
Comments
Hey @ltatakis-optaxe 👋 It sounds like the You'll have to make sure the headless browser is preserving the transaction cookie and passing the query parameters back from Auth0 to your application to be able to consume that state and complete the transaction. |
@guabu you are correct it seems that its likely that the state parameter is missing from the callback URL. Auth0 developer support have advised me to solve this with https://auth0.com/docs/quickstart/spa/react/01-login#add-login-to-your-application eg As :
it would suggest this is a regression in the current version. |
I have managed to replicate the issue with the example sample application provided at https://github.com/auth0/nextjs-auth0/tree/v4.0.0-beta.9/examples/with-shadcn The only changes I made to make it run with our environment is:
this worked locally but in the headless browser I got "The state parameter is invalid" |
@guabu I have found the offending line, its here. While 3.5.0 had another way to determine the secure flag as seen here The reasons this is an issue for us is because in our E2E environment are:
Would you consider changing this logic OR adding some sort of parameter that we can at least knowingly turn this off in specific scenarios? Thank you |
Hey @ltatakis-optaxe 👋 Thanks for sharing more context! As you pointed you, we set the We've decided to check the protocol of the The changes should be out in the next release (linked above). |
fantastic thank you @guabu |
@guabu the latest version 10 has fixed my issue. Thank you. |
Checklist
Description
In my application I have the following code
In most of our setups this works as expected. However, in some scenarios when running within a virtual browser within our infrastructure we get the error
which is returned as the
startingError
ofonCallback
.The auth0 credentials and config are all correct. The auth0 logs of the tenant themselves says the users logs in correctly.
The only response I have found about this is here. A 4 year old community post.
It does seem that within the Auth0 realm the Network tab is cleared after each process (email/password etc) but I have the same behaviour in our other environments but they log in successfully.
We have had these virtual browsers using v.3.5.0 for a while without this issue, so this is something new.
Reproduction
InvalidStateError
but Auth0 platform says its successfully logged me in
Additional context
No response
nextjs-auth0 version
4.0.0-beta.7
Next.js version
15.0.3
Node.js version
v22.11.0
The text was updated successfully, but these errors were encountered: