Problem statement
With our production application, If the user starts on www (https://www.myapp.com vs https://myapp.com) when logging in, the login will fail. After logging in, they are redirected to the non-www page which drops the auth cookies and results in a 400.
Login: https://www.myapp.com/api/auth/login?returnTo=%2Fbrowse
Redirect: https://myapp.com/api/auth/callback?code=B5kj3oL16yBWIgt9p7ywKYvD_cTS40wBsEplW6NgIdiHI&state=eyJyZXR1cm5UbyI6Imh0dHBzOi8vY2FydmFuYWF1Y3Rpb24uY29tL2Jyb3dzZSJ9
We’re using the @auth0/nextjs-auth0 SDK and have AUTH0_BASE_URL=https://myapp.com/
configured causing the redirect.
Symptoms
- Next.js BASE_URL is configured with the following structure: https://domain.com and not https://www.domain.com.
Cause
- This Github issue summarizes the issue pretty nicely.
Solution
Please follow the possible workaround provided in this Github issue.