Problem Statement
We use the nextjs-auth0 version 1.9.1. Users received an error where they can log in once, then log out, and the next attempt to log in returns “checks.state argument is missing” error. This error does not happen when running the app on localhost. It only happens after deployment.
The second login attempt appears to get no Response Cookies from /api/auth/login, whereas the first login gets a _state cookie.
Cause
The api/auth/login endpoint appears to be cached:
This endpoint is what the nextjs-auth0 SDK uses to initiate the login flow. Caching this resource would explain why you don’t see this error on localhost (different caching mechanisms/rules).
Solution
Disabling caching for the api/auth endpoints in your cloud service provider allowed for this endpoint to properly re-initiate the login flow each time following the first login.