Callback fails with 400 in nextjs application


I have a nextjs application that I set up using this quickstart guide Auth0 Next.js SDK Quickstarts: Login

I have a strange issue where when run locally everything is fine, but in production I am getting a consistent 400 error. I have uploaded a HAR file, I can see that the auth_verification cookie is not set (it is set when I run this locally) - what am I missing here? I also notice that Referer is set to which is odd, we don’t have a www subdomain. How is that being set?
auth0loginfail.har (1.6 MB)

Ok I got it - the problem was that the browsers were adding www to the url, so the login call was setting the cookies on the www subdomain. Then because our baseurl doesn’t have www, the callback was to the base domain, so the cookies were not passed along, causing the error. I solved it by adding an nginx 301 redirect on the www domain to force all login calls to go to the base domain. Phew.