State mismatch after passwordless authentication

Problem statement

We have the passwordless Email Link connection set up. When users click the link in the email, they receive errors like:

HandlerError [BadRequestError]: state mismatch, expected xxx, got: yyy.


Email Passwordless authentication with a link throws the “state mismatch” error after the user clicks the link in the verification email.


Request HAR files for a successful exchange.


The failed HAR file showed the flow was initiated with the canonical domain but the email link was sent for the custom domain.
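The HAR comparison described above can be scripted. The following is an added example, not part of the original article or Auth0 tooling: it lists which tenant hostnames a capture touched, in order, and flags a flow that starts on one domain and continues on the other. The domain names, URL paths and sample capture are constructed for illustration.

```python
from urllib.parse import urlsplit

def tenant_hosts_in_order(har, canonical_domain, custom_domain):
    """List the tenant hostnames a HAR capture hit, in request order."""
    tenant = {canonical_domain.lower(), custom_domain.lower()}
    entries = sorted(har["log"]["entries"],
                     key=lambda e: e.get("startedDateTime", ""))
    hosts = []
    for entry in entries:
        host = (urlsplit(entry["request"]["url"]).hostname or "").lower()
        # Collapse consecutive requests to the same host into one step.
        if host in tenant and (not hosts or hosts[-1] != host):
            hosts.append(host)
    return hosts

def check_domain_consistency(har, canonical_domain, custom_domain):
    """Flag a capture where the flow starts on one domain and continues on the other."""
    hosts = tenant_hosts_in_order(har, canonical_domain, custom_domain)
    return {
        "initiated_on": hosts[0] if hosts else None,
        "hosts_in_order": hosts,
        "mixed_domains": len(set(hosts)) > 1,
    }

# Constructed sample capture (placeholder domains and paths, not real traffic).
# For a real file, load it with json.load() and pass the resulting dict.
CANONICAL = "example-tenant.auth0.com"
CUSTOM = "login.example.com"
FAILED_HAR = {"log": {"entries": [
    {"startedDateTime": "2024-01-01T10:00:00.000Z",
     "request": {"url": "https://app.example.com/login"}},
    {"startedDateTime": "2024-01-01T10:00:01.000Z",
     "request": {"url": f"https://{CANONICAL}/authorize"}},
    {"startedDateTime": "2024-01-01T10:02:00.000Z",
     "request": {"url": f"https://{CUSTOM}/passwordless/verify_redirect"}},
    {"startedDateTime": "2024-01-01T10:02:01.000Z",
     "request": {"url": "https://app.example.com/callback"}},
]}}

if __name__ == "__main__":
    print(check_domain_consistency(FAILED_HAR, CANONICAL, CUSTOM))
```

A result with `mixed_domains` set to true and `initiated_on` equal to the canonical domain matches the failing capture described here.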


Initiate the flow with the custom domain.


  1. Go to Auth0 Dashboard > Branding > Custom Domains.
  2. Enable the Use Custom Domain in Emails toggle.