BadRequest: checks.state argument is missing auth0/nextjs

Please include the following information in your post:

  • Which SDK this is regarding: @auth0/nextjs-auth0
  • SDK Version: 1.3.0
  • Platform Version: next: 10.1.3, Node: 15.13.0
  • Code Snippets/Error Messages/Supporting Details/Screenshots:
    BadRequest: checks.state argument is missing after login

After successfully logging in via Google or GitHub (as shown in Auth0 logs):

The nextjs api callback function of the SDK receives the request (which contains query params: code, state & auth0: [ 'callback' ]) but does not exchange the code for an access token (fails with 400 BadRequest 'checks.state' argument is missing). This only occurs when in production (I am using Netlify to deploy my NextJS web application) but not when using the localhost development environment. I checked all environment vars and they are the same for production and development (except URLs) and also verified that the auth0 app configuration (in dashboard) matches with the environment vars.


Same issue here. This has been working for me for about a month and all of a sudden I get this error now and all my client websites are down. No changes to the code…

Plot twist: I can't recreate this when my browser is in incognito

I receive this error when trying to login via a github deployment preview url I get through Vercel. It works locally and in production but not on preview urls. I believe the issue to be related to my AUTH0_BASE_URL env variable along with the configuration in auth0.

For me, I would assume that the issue involves this env var being used for production on a preview url that isn't the same domain, but would love insight into how this can be rectified.

For you others, my best advice would be to analyze the redirect_uri on the network request and confirm it is what it should be based on your specific environment as well as ensuring you have the correct env variable. I don’t know if that will help, just my guess based on my experience.


On our side we have encountered the same issue deploying on Netlify. We have tested deploying on Vercel and in a Docker container, and we don't have the issue.

Do you think it is something that can be linked to Netlify?

Seems to be related to [BUG] Netlify Functions event.headers.cookie sometimes suddenly used comma instead of semicolon - #7 by thomas.milewski - Support - Netlify Support Forums

They are working on a fix

1 Like
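How a comma-joined Cookie header, as in the Netlify report linked above, would surface as this error: an added JavaScript example, not code from the SDK or from any poster in this thread. It assumes the SDK keeps the login state in a cookie named `state` and compares it with the `state` query parameter on callback; the header values and function names are constructed for illustration.

```javascript
// Parse a Cookie request header the standard way: pairs separated by ';'.
function parseCookieHeader(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    // First occurrence wins, so a later duplicate cannot override it.
    if (name && !(name in jar)) jar[name] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Heuristic repair for a platform that joined cookies with ',' instead of ';':
// rewrite ", name=" as "; name=". Caveat: a cookie value that itself contains
// ", something=" would be split too, so this is a stopgap, not a parser fix.
function normalizeCookieHeader(header) {
  return (header || '').replace(/,\s*(?=[A-Za-z0-9_.-]+=)/g, '; ');
}

// Simplified stand-in for the callback's state check (assumed cookie name: state).
function checkState(cookieHeader, returnedState) {
  const expected = parseCookieHeader(cookieHeader).state;
  // No state cookie found: the situation reported as "checks.state argument is missing".
  if (expected === undefined) return 'missing';
  return expected === returnedState ? 'ok' : 'mismatch';
}

// Constructed sample headers: the same three cookies, joined two ways.
const goodHeader = 'nonce=n-abc123; state=s-xyz789; code_verifier=v-000';
const commaHeader = 'nonce=n-abc123, state=s-xyz789, code_verifier=v-000';

console.log(checkState(goodHeader, 's-xyz789'));
console.log(checkState(commaHeader, 's-xyz789'));
console.log(checkState(normalizeCookieHeader(commaHeader), 's-xyz789'));
```

With the comma-joined header the whole string is parsed as one `nonce` cookie, so the state lookup comes back empty even though the browser sent the cookie. Failing closed here is the correct behaviour for the check; the repair belongs in header parsing, not in relaxing the state comparison.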

Hi there! I posted a solution which worked for my specific case (Netlify + Nextjs + Auth0) on this thread: BadRequestError: checks.state argument is missing - #17 by scotty.j.roberts

Hope it can help you!

1 Like

Thanks for sharing it with the rest of the community!
