nextjs-auth0: handleCallback - Cannot read property 'toString' of undefined error

Visits to our tenant’s domain that result in an unauthorized error with an error description of wrong email or verification code result in a redirect to our callback url that ends up producing the following unhandled error from within nextjs-auth0 of Cannot read property 'toString' of undefined.

The callback url that produces this error is:https://{auth0-domain-here}/api/auth/callback#error=unauthorized&error_description=Wrong email or verification code

related to: https://github.com/auth0/nextjs-auth0/issues/371, but the solution there is not the issue as the new api/auth routes are being used.

I’d expect these kinds of things to be more gracefully handled with perhaps a redirect to api/auth/logout.

We are using passwordless authentication with magic link and we are on v1.3.0.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 21 (9 by maintainers)

Most upvoted comments

I suppose I can try to handle this error in a custom way on our end or check if there is an active session and redirect to the app if so.

Yep checks.state argument is missing is the correct error in this scenario, since you’re visiting the callback page without any state cookies to check (they were removed in your previous successful login)

Hi @jaredgalanis - it’s not an unhandled exception, but I agree the message should be better.

Per our discussion in https://github.com/auth0/nextjs-auth0/issues/346 - this SDK doesn’t support embedded Passwordless.

It only supports the Universal Login Page, if you were using the Universal Login Page and initiating the login from the application, you’d be using response_mode: query and your errors would be coming back from the authorization server on the query parameters (eg https://{auth0-domain-here}/api/auth/callback?error=unauthorized&error_description=Wrong email or verification code) rather than the fragment (per your example)