Callback handler missing state parameter (vercel)

Raphaww · August 4, 2023, 8:01pm

tl;dr;
I can’t make to work an application in vercel where I use subdomain for multi tenant. Is there an example app where this is done? It’s correct to pass the Auth0 api routes (/api/auth0/login, etc.) through edge middleware?

I have a multi tenant application and I use edge middleware to support it via subdomains, this is the middleware relevant code:

//middleware.js
...
const account =
   process.env.NODE_ENV === "production" && process.env.VERCEL === "1"
      ? hostname.split('.')[0]
      : hostname.replace(`.localhost:3000`, "");

if (req.nextUrl.pathname.startsWith('/api')) {
   return NextResponse.rewrite(
      new URL(`/api/${account}${req.nextUrl.pathname.replace('/api', '')}`, req.url)
   );
}
...

I’m using a custom auth0 handler to set a valid baseURL because a fixed one as env variable displays a different error (invalid_grant) :

   const baseURL = `${process.env.NODE_ENV === "development"
      || (req.headers.host?.indexOf('localhost') || -1) >= 0 ? "http" : "https"}://${req.headers.host
      }`
   return initAuth0({
      baseURL,
      secret: process.env.AUTH0_SECRET,
      issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
      clientID: process.env.AUTH0_CLIENT_ID,
      clientSecret: process.env.AUTH0_CLIENT_SECRET
   });

in my local the login process works fine, but when I deploy to vercel I get an error in this route: http://org.example.com/api/auth/callback it says:

CallbackHandlerError: Callback handler failed. CAUSE: Missing state parameter in Authorization Response.

but both, code an state parameters are present in the url, I can’t help but thinking that something about the middleware is causing the error

dawid.matuszczyk · July 31, 2024, 9:12pm

Hey team!

This topic seems related to the new Auth0 Integration available new in Vercel Marketplace. This is the first version of this integration, and we welcome your feedback to improve future iterations.

You’ll need an existing Vercel project to use the new integration to build and customize the Identity flow. You can either import your project into Vercel or use a Vercel template so you don’t have to start from scratch like our SaaStart template to deploy a production-ready B2B SaaS app in minutes (learn more here).

If you find yourself having questions regarding this new integration for the next two weeks, we are hosting an Ask Me Anything session. Our Product Expert will provide comprehensive written answers on August 8th from 8 AM to 10 AM PST.

Find out more about Auth0 Integration and learn more about AMA.

Thanks!
Dawid

Topic		Replies	Views
Callback handler failed. CAUSE: Missing state cookie from login request (check login URL, callback URL and cookie config) Help login-experience , new-universal-login-experience	0	411	March 21, 2024
How to Deploy a Next.js App Secured By Auth0 to Vercel Developer Hub authentication , nextjs , vercel	12	2405	October 23, 2024
Nextjs + auth0 work at localhost, but return 404 while depoly to vercel Help login-experience , new-universal-login-experience	7	2960	August 31, 2023
Nextjs + Auth0 + Express Help management-api , users	0	16	September 16, 2024
Callback mismatch and wrong redirect_uri Help login-experience , new-universal-login-experience	4	25	November 1, 2024

Callback handler missing state parameter (vercel)

Related Topics