Receiving "Bad Request" page after user authenticates

I’ve ran into this issue in the developer tools for chrome.

I’ve adjusted the session: cookie attribute on the config options to equal sameSite: ‘None’, secure: true. Still does not fix the issue, however.

1 Like

@michael16,

The cookie warning is most likely related to a compatibility cookie that is set for legacy browsers and shouldn’t be part of the issue here.

Can you record a har of the successful transaction? I’d like to see what differs.

Here is a HAR file for my application. I went to the login page, logged in, got the bad request error on the https://DOMAIN/callback, then I delete call back from the URL hit enter and I am taken to my homepage for the user.
I will send via DM.

1 Like

SOLUTION IS HERE!
BadRequestError: checks.state argument is missing · Issue #145 · auth0/express-openid-connect · GitHub.

With a custom URL you must configure in the auth0-session-cookie-domain

app.use(auth({
  authRequired: false,
  auth0Logout: true,
  session: {
    //@ts-ignore
    cookie: {
      domain: '.example.com'
    }
  },
  secret: process.env.AUTH_SECRET,
  baseURL: process.env.BASE_URL,
  clientID: process.env.CLIENT_ID,
  issuerBaseURL: process.env.ISSUER_BASE_URL,
}))
1 Like

Thanks for your patience working through this, and for sharing a solution here!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.