I read this post in detail: BadRequestError: checks.state argument is missing - #4 by schalk.neethling, but unfortunately it doesn’t help me at all.
We’re also running into (very intermittently),
checks.state argument is missing
We’re using “@auth0/nextjs-auth0”: “^1.9.0”, for a simple app.
Here’s the flow:
- User pulls up browser and navigates to our website
- On clicking login /api/auth/login, we’re redirected to our Auth0 tenant
- User provides credentials and hits login, GET on callback URL is called
- Occasionally, user is presented with a “checks.state argument is missing”
The problem here is when the GET on callback URL is called, request cookies like (pvisitor, nonce, state, code_verifier).
I noticed that in step 1, step 2 etc when I compare requests they are identical. When the error comes up I notice that in step 3 cookies were not passed in the request.
- Seems to happen when browser is starting clean (no cookies or browser history)
- Once user goes back and clicks login then the login works (as mentioned here: nextjs-auth0/FAQ.md at main · auth0/nextjs-auth0 · GitHub), BUT this is NOT a solution for us and also not the root cause