nextjs-auth0: handleCallback - Cannot read property 'toString' of undefined error
Visits to our tenant’s domain that result in an unauthorized error with an error description of wrong email or verification code result in a redirect to our callback url that ends up producing the following unhandled error from within nextjs-auth0 of Cannot read property 'toString' of undefined
.
The callback url that produces this error is:https://{auth0-domain-here}/api/auth/callback#error=unauthorized&error_description=Wrong email or verification code
related to: https://github.com/auth0/nextjs-auth0/issues/371, but the solution there is not the issue as the new api/auth
routes are being used.
I’d expect these kinds of things to be more gracefully handled with perhaps a redirect to api/auth/logout
.
We are using passwordless authentication with magic link and we are on v1.3.0
.
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 21 (9 by maintainers)
Yep
checks.state argument is missing
is the correct error in this scenario, since you’re visiting the callback page without any state cookies to check (they were removed in your previous successful login)Hi @jaredgalanis - it’s not an unhandled exception, but I agree the message should be better.
Per our discussion in https://github.com/auth0/nextjs-auth0/issues/346 - this SDK doesn’t support embedded Passwordless.
It only supports the Universal Login Page, if you were using the Universal Login Page and initiating the login from the application, you’d be using
response_mode: query
and your errors would be coming back from the authorization server on the query parameters (eghttps://{auth0-domain-here}/api/auth/callback?error=unauthorized&error_description=Wrong email or verification code
) rather than the fragment (per your example)