I hope this message finds you well. I am currently facing an issue with Auth0 while using wildcards in the Callback URL configuration.
In the Auth0 dashboard, I have configured the Callback URL as http://*.localhost:3000/api/auth/callback. The login process works fine on the Auth0 login site when initiated from http://test.localhost:3000. However, after the login, the callback URL seems to be incorrect, resulting in the following error:
CallbackHandlerError: Callback handler failed. CAUSE: Missing state cookie from login request (check login URL, callback URL, and cookie config).
I double-checked locally by initializing the Auth0 client to call back to a single-level subdomain callback URL like https://subdomain.domain.com and allowing https://*.domain.com on my Auth0 tenant, and it works well.
However, unfortunately, it will not work with multilevel subdomains.
I don’t think the issue is with the callback mismatch. A few members had a similar issue and the reason was outdated packages. Here’s a topic for reference.
I am using the repo associated with this doc for a Single Page App.
For the URL you can use any specific single subdomain URL.
To test it, it’s enough to send an /authorize request (an example below) with a redirect_uri param set to any specific single-subdomain URL (do not use any wildcard in the request or in your app code; use the wildcard only in the Auth0 tenant’s settings for a specific app, like https://*.google.com/domains/) to initiate the login flow and, once authenticated, to be redirected to your page.
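
The single-level wildcard behaviour reported in this thread, as an added example that is not part of any post above and is not Auth0's own code. The function name `matchesAllowedCallback` is hypothetical, and the rule that `*` stands for exactly one DNS label is an assumption taken from the replies; scheme, port and path are compared exactly.

```javascript
// Added example: check a concrete redirect_uri against one allowed callback
// entry that may contain a leading "*." wildcard label.
// Assumption: "*" matches exactly one DNS label (no dots), as reported above.
const PLACEHOLDER = "wildcard-label"; // constructed stand-in so URL() can parse

function matchesAllowedCallback(pattern, candidate) {
  const hasWildcard = pattern.includes("://*.");
  let p, c;
  try {
    // Swap the wildcard for a parseable label; URL() normalises the rest.
    p = new URL(pattern.replace("://*.", "://" + PLACEHOLDER + "."));
    c = new URL(candidate);
  } catch {
    return false; // unparseable input never matches
  }

  // Everything except the wildcard label must be identical.
  if (p.protocol !== c.protocol || p.port !== c.port) return false;
  if (p.pathname !== c.pathname || p.search !== c.search) return false;
  // A concrete redirect_uri carries no credentials and no fragment.
  if (c.username || c.password || c.hash) return false;

  if (!hasWildcard) return p.hostname === c.hostname;

  // ".domain.com" for the pattern "https://*.domain.com"
  const suffix = p.hostname.slice(PLACEHOLDER.length);
  if (!c.hostname.endsWith(suffix)) return false;

  // What is left of the suffix must be one non-empty label.
  const label = c.hostname.slice(0, -suffix.length);
  return label.length > 0 && !label.includes(".");
}

// Values taken from the thread.
console.log(matchesAllowedCallback(
  "http://*.localhost:3000/api/auth/callback",
  "http://test.localhost:3000/api/auth/callback"));
console.log(matchesAllowedCallback(
  "https://*.domain.com", "https://subdomain.domain.com"));
```

Both calls print `true`; a two-level host under the same wildcard entry returns `false`.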