Hi.
I am having an issue with Auth0 recently where I get a 400 bad request when authenticating with Safari. My setup has worked fine until recently with all browsers, and I have not made any changes to the auth setup that should break this. For reference, I am using Next.js with next-auth0.
The error occurs after entering the login details and pressing “continue”. Then the application errors, because the request to /api/auth/callback returns 400.
In the Auth0 logs, I get the following message:
{
  "date": "2024-04-29T18:06:51.873Z",
  "type": "feacft",
  "description": "Invalid authorization code",
  "connection_id": "",
  "client_id": "[client_id]",
  "client_name": "[my_client_name]",
  "ip": "[redacted]",
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "details": {
    "code": "******************************************kQd"
  },
  "hostname": "[my_hostname].eu.auth0.com",
  "user_id": "",
  "user_name": "",
  "auth0_client": {
    "name": "nextjs-auth0",
    "version": "3.5.0",
    "env": {
      "node": "v18.20.2"
    }
  },
  "$event_schema": {
    "version": "1.0.0"
  },
  "log_id": "90020240429180651966232000000000000001223372040554126731",
  "_id": "90020240429180651966232000000000000001223372040554126731",
  "isMobile": false,
  "id": "90020240429180651966232000000000000001223372040554126731"
}
On my Next.js log output, I get the following:
a [CallbackHandlerError]: Callback handler failed. CAUSE: invalid_grant (Failed to verify code verifier)
  code: 'ERR_CALLBACK_HANDLER_FAILURE',
  cause: o [Error]: invalid_grant (Failed to verify code verifier)
    error: 'invalid_grant',
    errorDescription: 'Invalid authorization code',
    status: 400,
    statusCode: 400,
    openIdState: { returnTo: 'http://localhost:3000/' }
  },
  status: 400
}
Has anyone encountered something similar? This only happens in Safari and is happening both on mobile and desktop, in production, and on my local machine.
Any help would be greatly appreciated.