"State Mismatch" Error after Passwordless Authentication

lihua.zhang · May 10, 2023, 8:08pm

Last Updated: Sep 12, 2024

Overview

The below error occurs when attempting to log in using the email passwordless connection:

HandlerError [BadRequestError]: state mismatch, expected eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMC9wcm9maWxlIn0, got: hKFo2SBNcy10dmNlSFhsa2ptc2t4SFptUE5MajR6bzlPVkhHeKFupWxvZ2luo3RpZNkgMWh6ZU5CTW9rMmg3dFpXNXA5eTFzRzRHLU9MR2tJWmOjY2lk2SBjTXhxb09STDFkUTZuTEo2S3pnc2dtNE8zRjd3V2dSOA

The client is a NextJS app using nextjs-auth0 SDK.

Applies To

NextJS
Email
Passwordless Connection
Authentication with Link

Cause

This error can occur if the login flow was initiated with the canonical domain, but the email link was sent for the custom domain.

Solution

For the Custom Domain to be used in Email flows (Passwordless, Reset Password, etc):

Go to Auth0 Dashboard > Branding > Custom Domains.
Enable the Use Custom Domain in Emails toggle.
Then, initiate the flow with the custom domain in the /authorize request.

33840×1916 476 KB

Related References

Configure Features to Use Custom Domains

Topic		Replies	Views
ApplicationError: state mismatch caused by Custom Domains using NextJS Get Help configuration , application	1	359	April 22, 2024
Nextjs-auth0 and passwordless auth via API Get Help	1	3450	April 21, 2021
State Mismatch issue with custom login screen and Auth0-js and NextJS Get Help	3	2649	July 28, 2022
Auth0 and passwordless: "Wrong email or verification code" error Get Help auth0	4	3541	September 5, 2019
Cannot authenticate via Magic Link Get Help passwordless , magic-link , nextjs	8	4875	November 27, 2022