I’ve ran into this issue in the developer tools for chrome.
I’ve adjusted the session: cookie attribute on the config options to equal sameSite: ‘None’, secure: true. Still does not fix the issue, however.
1 Like
The cookie warning is most likely related to a compatibility cookie that is set for legacy browsers and shouldn’t be part of the issue here.
Can you record a har of the successful transaction? I’d like to see what differs.
Here is a HAR file for my application. I went to the login page, logged in, got the bad request error on the https://DOMAIN/callback, then I delete call back from the URL hit enter and I am taken to my homepage for the user.
I will send via DM.
1 Like
SOLUTION IS HERE!
BadRequestError: checks.state argument is missing · Issue #145 · auth0/express-openid-connect · GitHub.
With a custom URL you must configure in the auth0-session-cookie-domain
app.use(auth({
authRequired: false,
auth0Logout: true,
session: {
//@ts-ignore
cookie: {
domain: '.example.com'
}
},
secret: process.env.AUTH_SECRET,
baseURL: process.env.BASE_URL,
clientID: process.env.CLIENT_ID,
issuerBaseURL: process.env.ISSUER_BASE_URL,
}))
1 Like
Thanks for your patience working through this, and for sharing a solution here!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.