How to Decode Session Tokens in Auth0 Actions

I just noticed that the session token does not contain a state parameter, since you are sending the same session token back. Auth0 expects a state claim in the JWT’s body as mentioned here: https://auth0.com/docs/customize/actions/flows-and-triggers/login-flow/redirect-with-actions#pass-information-back-to-the-action

Its value should be that of the state passed in the URL.

This means sending the same token back will not work. Can you try generating a new JWT like in the example I provided? You can add any additional claims like customer_id, but it should also contain the other required claims.

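An added example, not part of the reply above and not Auth0's own code: a Node.js sketch of the application side that verifies the incoming session token, then signs a fresh HS256 JWT carrying the `state` value from the URL plus a custom `customer_id` claim. The helper names, the shared secret used in both directions, the `issuer` parameter and the `sub`/`iss`/`exp` claim set are assumptions; check the linked documentation for the exact required claims.

```javascript
const crypto = require('crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (input, secret) => crypto.createHmac('sha256', secret).update(input).digest();

// Sign a claims object as a compact HS256 JWT (hypothetical helper).
function signHs256(claims, secret) {
  const input = b64url({ alg: 'HS256', typ: 'JWT' }) + '.' + b64url(claims);
  return input + '.' + hmac(input, secret).toString('base64url');
}

// Verify algorithm, signature and expiry; return the decoded claims.
function verifyHs256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(h + '.' + p, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Build the token to send back: a new JWT, not the session token itself.
// stateFromUrl is the state query parameter received with the redirect.
function buildReturnToken(sessionToken, stateFromUrl, secret, issuer, extraClaims = {}) {
  const session = verifyHs256(sessionToken, secret);
  if (!stateFromUrl) throw new Error('missing state from redirect URL');
  const now = Math.floor(Date.now() / 1000);
  return signHs256({
    ...extraClaims,          // custom claims first, so they cannot override the ones below
    sub: session.sub,        // same user the session token was issued for
    iss: issuer,             // assumption: value the Action is configured to expect
    iat: now,
    exp: now + 60,           // short lifetime limits replay
    state: stateFromUrl,     // the claim the session token lacks
  }, secret);
}
```
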