State mismatch after passwordless authentication

Problem statement

We have the passwordless Email Link connection set up. When users click the link in the email, they receive errors like:

HandlerError [BadRequestError]: state mismatch, expected xxx, got: yyy.

Symptoms

Email Passwordless authentication with a link throws the “state mismatch” error after the user clicks the link in the verification email.

Troubleshooting

Request HAR files for a successful exchange.

Cause

The failed HAR file showed that the flow was initiated with the canonical domain, but the email link was sent for the custom domain.
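The comparison described above can be scripted against a HAR capture. This is an added example, not code from Auth0 or from the original page; the endpoint paths (/authorize, /passwordless/start, /passwordless/verify_redirect) are assumptions, and the hostnames in the sample are constructed placeholders.

```python
import json
import sys
from urllib.parse import urlsplit

# Assumed Auth0 endpoint paths; they are not named on the page.
INIT_PATHS = ("/authorize", "/passwordless/start")
LINK_PATHS = ("/passwordless/verify_redirect",)


def hosts_by_role(har):
    """Return (initiating_hosts, link_hosts) seen in a parsed HAR."""
    init_hosts, link_hosts = set(), set()
    for entry in har.get("log", {}).get("entries", []):
        url = urlsplit(entry.get("request", {}).get("url", ""))
        host = (url.hostname or "").lower()
        if not host:
            continue
        if url.path.startswith(INIT_PATHS):
            init_hosts.add(host)
        elif url.path.startswith(LINK_PATHS):
            link_hosts.add(host)
    return init_hosts, link_hosts


def domain_mismatch(har):
    """Describe an initiating/link host disagreement, or return None."""
    init_hosts, link_hosts = hosts_by_role(har)
    if not init_hosts or not link_hosts:
        return None  # capture lacks one half of the flow
    stray = link_hosts - init_hosts
    if not stray:
        return None
    return {"initiated_on": sorted(init_hosts), "link_sent_for": sorted(stray)}


# Constructed sample capture: placeholder tenant and custom domain.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://example-tenant.us.auth0.com/authorize"}},
    {"request": {"url": "https://login.example.com/passwordless/verify_redirect"}},
]}}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            har = json.load(fh)
    else:
        har = SAMPLE_HAR
    print(domain_mismatch(har) or "no domain mismatch found")
```

A non-empty result means the link was issued for a host that never initiated the flow, which is the condition this article identifies as the cause.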

Solution

Initiate the flow with the custom domain.

Also:

  1. Go to Auth0 Dashboard > Branding > Custom Domains.
  2. Enable the Use Custom Domain in Emails toggle.