Not sure if there is any definitive answer on this but this is also happening to my on my vanilla express deployment, using the Universal Login and the express-openid-connect library.
It really creates such an untenable user experience and a lot of stress knowing this is happening in the wild.
What concrete steps should I take to mitigate this? From the thread so far it seems that the issue could be related to:
Dropped cookies
Misconfigured base URL
I’ve wrote in to support but want to explore as many avenues as possible to fix this.
I got the “checks.state argument is missing” in my website doployed on vercel and your reply made me realize that i forgot to change the AUTH0_BASE_URL for the vercel domain “subdomain.vercel.app” im using instead of localhost.
Also i forgot to add the “subdomain.vercel.app/api/auth/callback” in Auth0 Allowed Callback URL section.
Now everything is working just fine, thanks.
So I get the same issue, trying to authenticate using the callback url with the following format
/api/auth/callback?access_token=youraccesstoken&scope=yourscope&subject=yoursubject&refresh_token=yourrefreshtoken&expires_in=yourexpiresin&token_type=Bearer&state=randomstate
I have the same problem. It is an Next.js app. Don’t know where else to look. Callback URL seems to be right… I’m deploying on Netlify, could that be a problem? Don’t know… after a week of trying I’m about to give up. Any help is appreciated !
, my BASE_URL is pointing to my live domain, and the bug doesn’t happen to all my users so its a hard bug to replicate