Problem statement
We have the passwordless Email Link connection set up. When clicking on the link in the email, users received errors like
HandlerError [BadRequestError]: state mismatch, expected xxx, got: yyy.
Symptoms
Email Passwordless authentication with a link throws the “state mismatch” error after the user clicks the link in the verification email.
Troubleshooting
Request HAR files for a successful exchange.
Cause
The failed HAR file showed the flow was initiated with the canonical domain but the email link was sent for the custom domain.
Solution
Initiate the flow with the custom domain.
also:
- Go to Auth0 Dashboard > Branding > Custom Domains.
- Enable the Use Custom Domain in Emails toggle.