Hello,
We recently started running into issues with the authentication flow in our Next.js app. Specifically, calling the auth0 callback handler return 404. It was working for a long time until today, and we haven’t updated those code paths recently, the only change around the same time was removing one of the auth0 tenant admins.
We are using the handleAuth() from ‘@auth0/nextjs-auth0’ package version 1.6.2
We provide a callback handler to inject the access token into our state.
export default handleAuth({
login: async (req: NextApiRequest, res: NextApiResponse) => {
try {
const { redirectUri, returnTo } = getUrls(req);
await auth0.handleLogin(req, res, {
authorizationParams: {
audience,
scope,
redirect_uri: redirectUri,
},
returnTo,
});
} catch (error) {
const status = getKey(error, 'status', 400, isNumber);
const message = getKey(error, 'message', 'Something went wrong');
res.status(status).end(message);
}
},
callback: async (req: NextApiRequest, res: NextApiResponse) => {
try {
await auth0.handleCallback(req, res, {
afterCallback: (_req, _res, session) => {
if (session.accessToken != null) {
setAccessToken(session.accessToken);
}
return session;
},
});
} catch (error) {
const status = getKey(error, 'status', 500, isNumber);
const errMessage: string | undefined =
error instanceof Error ? error.message : undefined;
Sentry.captureException(error);
res.status(status).end(errMessage);
}
},
logout: async (req: NextApiRequest, res: NextApiResponse) => {
try {
const { returnTo } = getUrls(req);
await auth0.handleLogout(req, res, {
returnTo,
});
setAccessToken(null);
Sentry.configureScope((sentryScope) => sentryScope.setUser(null));
} catch (error) {
console.error(error);
const status = getKey(error, 'status', 500, isNumber);
const message = getKey(error, 'message', 'Something went wrong');
res.status(status).end(message);
}
},
});
We are getting the following error from the auth0.handleCallback() call:
HandlerError [BadRequestError]: expected 200 OK, got: 404 Not Found
at new HandlerError (/var/task/node_modules/@auth0/nextjs-auth0/dist/utils/errors.js:52:28)
at Object.<anonymous> (/var/task/node_modules/@auth0/nextjs-auth0/dist/handlers/callback.js:39:31)
at step (/var/task/node_modules/@auth0/nextjs-auth0/node_modules/tslib/tslib.js:143:27)
at Object.throw (/var/task/node_modules/@auth0/nextjs-auth0/node_modules/tslib/tslib.js:124:57)
at rejected (/var/task/node_modules/@auth0/nextjs-auth0/node_modules/tslib/tslib.js:115:69)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
status: 400
}
Has anyone run into a similar issue?
Any help would be greatly appreciated!