Next.js client handleAuth() callback expected 200 but got 404

Hello,

We recently started running into issues with the authentication flow in our Next.js app. Specifically, calling the auth0 callback handler return 404. It was working for a long time until today, and we haven’t updated those code paths recently, the only change around the same time was removing one of the auth0 tenant admins.

We are using the handleAuth() from ‘@auth0/nextjs-auth0’ package version 1.6.2

We provide a callback handler to inject the access token into our state.

export default handleAuth({
  login: async (req: NextApiRequest, res: NextApiResponse) => {
    try {
      const { redirectUri, returnTo } = getUrls(req);

      await auth0.handleLogin(req, res, {
        authorizationParams: {
          audience,
          scope,
          redirect_uri: redirectUri,
        },
        returnTo,
      });
    } catch (error) {
      const status = getKey(error, 'status', 400, isNumber);
      const message = getKey(error, 'message', 'Something went wrong');
      res.status(status).end(message);
    }
  },
  callback: async (req: NextApiRequest, res: NextApiResponse) => {
    try {
      await auth0.handleCallback(req, res, {
        afterCallback: (_req, _res, session) => {
          if (session.accessToken != null) {
            setAccessToken(session.accessToken);
          }
          return session;
        },
      });
    } catch (error) {
      const status = getKey(error, 'status', 500, isNumber);
      const errMessage: string | undefined =
        error instanceof Error ? error.message : undefined;
      Sentry.captureException(error);
      res.status(status).end(errMessage);
    }
  },
  logout: async (req: NextApiRequest, res: NextApiResponse) => {
    try {
      const { returnTo } = getUrls(req);
      await auth0.handleLogout(req, res, {
        returnTo,
      });
      setAccessToken(null);
      Sentry.configureScope((sentryScope) => sentryScope.setUser(null));
    } catch (error) {
      console.error(error);
      const status = getKey(error, 'status', 500, isNumber);
      const message = getKey(error, 'message', 'Something went wrong');
      res.status(status).end(message);
    }
  },
});

We are getting the following error from the auth0.handleCallback() call:

HandlerError [BadRequestError]: expected 200 OK, got: 404 Not Found
    at new HandlerError (/var/task/node_modules/@auth0/nextjs-auth0/dist/utils/errors.js:52:28)
    at Object.<anonymous> (/var/task/node_modules/@auth0/nextjs-auth0/dist/handlers/callback.js:39:31)
    at step (/var/task/node_modules/@auth0/nextjs-auth0/node_modules/tslib/tslib.js:143:27)
    at Object.throw (/var/task/node_modules/@auth0/nextjs-auth0/node_modules/tslib/tslib.js:124:57)
    at rejected (/var/task/node_modules/@auth0/nextjs-auth0/node_modules/tslib/tslib.js:115:69)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
  status: 400
}

Has anyone run into a similar issue?

Any help would be greatly appreciated!

4 Likes

We are experiencing the very same issue, since about 23 hours ago now. Hosted on Vercel by any chance? We deployed our application with no code changes (refresh server-side pages), and it started failing. We tried a bunch of stuff, thus far no solution. Did you find anything?

1 Like

Same issue here for some reason yesterday all deployments failed because of this, what changed? all our hosted vercel urls are falling because of this…

1 Like

Yes, hosted on Vercel! Still experiencing this issue. Seems to happen on new deployments. Old deployments (more than one day ago) still work fine.

I can see ‘Successful Login’ logs in Auth0 but the callback handler fails.

I tried:

  • creating a new Auth0 app
  • updating Auth0 package

No luck so far.

1 Like

Having the same issue here, also on Vercel, this is a critical issue.

1 Like

Same issue here. Old deployments work - recent ones have been stuck at the “expected 200 OK, got: 404 Not Found”

Also having the same issue. All of our new deployments seem to be broken. Commenting for awareness :+1:

Yes same issue. All vercel deployments broken. Company is dead in the water. Auth0 please fix!

Same issue as well. Is it an error on Vercel’s part or Auth0?

@All I managed to get the login flow on our webshop working again by completely disabling Sentry. I even created a reproducible test app with Next 13, Auth0 plugin and Sentry (All latest versions) and it crashes in the exact same way

4 Likes

@alwin thank you, I can confirm that disabling the Sentry plugin fixes the issue. Any idea why this might be the case all of a sudden?

I have no clue what the root cause is. I even downgraded Sentry a couple of version and that didn’t help either, so I suspect something at Vercel changed, but I’m not sure. Hopefully engineers can figure it out in the upcoming days :slight_smile:

1 Like

@alwin might be worth opening an issue with your findings in Vercel as well as they might not be aware of the bug? As it turns out it’s not really an Auth0 issue…

and thanks again, helped me save my sanity over this weekend :slight_smile:

1 Like

Fixed. Thank you Alwin.

Thank you @alwin! That worked for us too. Not sure how you identified Sentry as an issue, but really appreciate you sharing with us!

Fixed for us too. ripped sentry out of the codebase completely.

Bizarre issue! Hope there is some kind of fix for this so we can bring back sentry. situation does not inspire confidence in auth0

Thanks everyone for working together on it as a team. Can one of you also raise it as a GitHub issue here:

and reference it here in the forum so we can talk directly about it with the SDK maintainers. Thank you!

The same. thanks! disabling Sentry did the trick.

1 Like

Hey @alwin - would you mind sharing the reproducable test app with Vercel, or just post up the test app so someone else can report? Want to make sure this has been logged because disabling Sentry is obviously not ideal :smiley:

I have reproducible project here: https://gitlab.com/nicelittlethings/auth0-issue standard test-app for @auth0/nextjs-auth0 with Sentry. this is enough to break the login flow