MissingStateCookieError: Missing state cookie from login request (check login URL, callback URL and cookie config).
adminCitify opened this issue · comments
Checklist
- The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
Context:
- Error started after removing chromes cookies. I removed cookies in the past though without a problem.
- This is happening on my localhost:3000.
- I have the following login handler
login: async (req: any, res: any) => {
try {
const result = await auth0.handleLogin(req, res, {
authorizationParams: {
prompt: 'login',
},
});
console.log("RESULT", result);
return result
}
catch (error) {
console.error("login error: ", error);
return res.status(500).send({ error: 'An error occurred during login' });
}
},
- That log in my case doesn't return cookies, but when run by my coworker (same code) it does.
- My log:
[Symbol(headers)]: HeadersList(2) [
'location',
'https://citify-dev.us.auth0.com/authorize?client_id=PLO7XXXX&scope=openid%20profile%20email&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback&prompt=login&nonce=vKiDXXXX&state=eyJyXXXX&code_challenge_method=S256&code_challenge=6PeU8cJ8gI38946Bvv_s_C8cXJNMcvi_qqhM0TLXdSU'
],
- My coworkers log:
[Symbol(headers)]: _HeadersList {
cookies: [
'auth_verification=%7B%22nonce%22%3A%22rynQDUkugV_AaeT0K89ysvZ7XtAqncDWaAGaEl9zejg%22%2C%22state%22%3A%22eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCJ9%22%2C%22code_verifier%22%3A%22wjK5ZGMbwgpSbgU5QydKdK2pqsUV1LiFuToyEcvGZHs%22%7D.fDrqdW1Ryqcz_a1mBPpGmJQg7Osghxa-k7hcf0KhNU0; Path=/; HttpOnly; SameSite=lax'
],
[Symbol(headers map)]: Map(2) { 'location' => [Object], 'set-cookie' => [Object] },
[Symbol(headers map sorted)]: null
},
- I tried incognito, updating packages, restarting, different browsers, etc etc, without success.
- Logs in auth0 shows just succesful login.
- My login and callback urls are ok.
If needed I can share an .HAR file.
PLEASE help!
Reproduction
To reproduce:
- I navigate to localhost:3000
- Try to login with universal login experience.
- Redirected to my default error screen.
(sory I didn't detail this further I can provide more info if needed)
Additional context
No response
nextjs-auth0 version
3.3.0
Next.js version
14.0.1
Node.js version
18.0.0
Hi @adminCitify
Next.js version
14.0.1
Node.js version
18.0.0
The minimum version of Node for Next 14 is 18.17 (see https://nextjs.org/blog/next-14#other-changes) - can you update your version of Node and try again?
omg.. that was it! I lost a day without realizing that! Thanksssss @adamjmcgrath!
@adamjmcgrath you seem to have seen a few MissingStateCookieError issues in your time, I'm currently experiencing this same error. Its intermittent. ~4 days ago the error surfaced on all of my deployed nextjs-auth0 apps (hosted in vercel) out of the blue (no changes introduced), I've been troubleshoot and trying to identify root cause but not having much luck. Woke up and all my apps are working again. Do you have any ideas or suggestions for things I could try and look into to isolate the issue? It's unclear to me exactly which piece (auth0, nextjs, vercel, nextjs-auth0) is responsible. I'm concerned about the impact that this has on my customers and would like to investigate a bit more before I decide to implement a fallback.
I've written a pretty lengthy forum post here: https://community.auth0.com/t/state-cookie-not-generated-post-login-nextjs/125295 - perhaps there's something obvious to you that I am missing.