Next.JS + AWS + Cloudflare = Checks.state argument is missing

Our web app uses Next.js with Auth0 and most everything is working fine except after a user hasn’t been back to the site in several hours. Once they do go back, they get: “Checks.state argument is missing”.

If I retype the website’s address and log in to Auth0 then everything is fine.

Here is the request:

  • Request URL: https:///login/callback
  • Request Method: POST
  • Status Code: 403
  • Remote Address: 104.16.170.253:443
  • Referrer Policy: same-origin

The response seems to be coming from Cloudflare, where the domain is hosted; however, the site itself is hosted in AWS - Next.js (CloudFront, Lambdas, S3):

  • alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
  • cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
  • cf-cache-status: DYNAMIC
  • cf-ray: 65d593d8fd70f1b2-ATL
  • cf-request-id: 0a995abba00000f1b2800ea000000001
  • content-encoding: gzip
  • content-type: text/html; charset=utf-8

Doing a traceroute, I see a hop to CloudFront, and if I go to that address, https://d27sg64ti6xz5b.cloudfront.net, then it duplicates the error that we’re getting.

What I’m trying to validate here is if Cloudflare is causing the issue and possibly it is something to do with their caching. I do not need any of Cloudflare’s features; it just happens to be where the domain was hosted originally.

Any help is much appreciated.