BadRequestError: checks.state argument is missing

I’m receiving this error as well using that package. I just dropped an issue in github. Everything works great for me in every browser except Safari both on localhost and hosted on vercel.

I think it might be. It worked for me on localhost, but when I deployed it to Vercel, trying to sign in triggers this for me.

The problem started when I did the major version upgrade to 1.1.0.

Yeah, I was able to get past it on my deployed production URL by re-entering my environment variables but when Vercel auto deploys on a PR - with a sort of https://<regular-url>-<random-url>.vercel.app - I receive this error. My environment variables are all set for development and production so I feel like it has to do with the callback urls within Auth0.

I’ve attempted things like https://<regular-url>* and https://*.vercel.app but neither have worked. I even put a full url that was created with a PR auto deploy and it still didn’t work so I’m unsure what to try next.

3 Likes

hi, have you guys solved this problem ? I’m having it when deploying in Netlify…
Thanks for any hint!

Yeah, I’m seeing this problem too. No idea what’s going on :frowning:

Same problem here as well, became noticeable once I tried adding an API with authentication protected routes as well, the login button throws the error.

Hi there !

I really hope my message will help some of you.
After having struggled quite a lot, I finally found what was the origin of the problem in my case :

My website is deployed on Netlify, and I’m using the ‘@auth0/nextjs-auth0’ dependenciy. Locally, I’m using netlify cli to test it, with the ‘netlify dev’ command instead of the default Next.js command ‘npm run dev’.

While with ‘npm run dev’ the environment variables are read from the .env.local file, using ‘netlify dev’ the environment variables are directly injected from the production dashboard environment variables, causing this issue because it brings the AUTH_BASE_URL from production.

In order to ignore the production ones (or override them when testing locally), I created a .env.development file with a AUTH0_BASE_URL=http://localhost:8888 instead of the AUTH0_BASE_URL=https://.netlify.app, and it works fine!

1 Like

Thanks for sharing that with the rest of community!

I get this error when i use afterCallback as a promise in handleAuth in my Next.js application.

I’m on Next.js canary and auth0/nextjs-auth0 1.3.1

const afterCallback = async (…, session, …) {

return session
}

export default handleAuth({
async callback(req, res) {
await handleCallback(req, res, { afterCallback })
}
})

1 Like

Hey there,

Not sure if there is any definitive answer on this but this is also happening to my on my vanilla express deployment, using the Universal Login and the express-openid-connect library.

It really creates such an untenable user experience and a lot of stress knowing this is happening in the wild.

What concrete steps should I take to mitigate this? From the thread so far it seems that the issue could be related to:

  1. Dropped cookies
  2. Misconfigured base URL

I’ve wrote in to support but want to explore as many avenues as possible to fix this.

Best,
Christian.

2 Likes

we’re having the same issues and everything is configured correctly as far as we can tell. No clue how to get around it.

@philihp Did you find a solution to the problem , I have also hosted using vercel and works fine only on localhost

I got the “checks.state argument is missing” in my website doployed on vercel and your reply made me realize that i forgot to change the AUTH0_BASE_URL for the vercel domain “subdomain.vercel.app” im using instead of localhost.
Also i forgot to add the “subdomain.vercel.app/api/auth/callback” in Auth0 Allowed Callback URL section.
Now everything is working just fine, thanks.

2 Likes

Wooohooo perfect! Glad to hear that!

So I get the same issue, trying to authenticate using the callback url with the following format
/api/auth/callback?access_token=youraccesstoken&scope=yourscope&subject=yoursubject&refresh_token=yourrefreshtoken&expires_in=yourexpiresin&token_type=Bearer&state=randomstate

Am I missing something? My app is NextJS app

also getting same issue :frowning:, my BASE_URL is pointing to my live domain, and the bug doesn’t happen to all my users so its a hard bug to replicate

2 Likes

I have the same problem. It is an Next.js app. Don’t know where else to look. Callback URL seems to be right… I’m deploying on Netlify, could that be a problem? Don’t know… after a week of trying I’m about to give up. Any help is appreciated !

sorry… my mistake here… somehow I managed to screw in a very complicated copy/paste action, the Auth0 client secret… Everything is up and running!

1 Like

Glad to hear that!

Can you share exactly what that was?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.