next-auth: 'checks.state argument is missing' error when click back button after authentication with keycloak
Description 🐜
Hello there!
I'm having an issue with next-auth. After successfully signing in to the application using the Keycloak provider, clicking the back button in the browser window leads to:
error: {
  message: 'checks.state argument is missing',
  stack: 'TypeError: checks.state argument is missing\n' +...//stack trace
  name: 'TypeError'
},
providerId: 'sso_provider_1',
message: 'checks.state argument is missing'
}
My configuration for the Keycloak provider looks something like this:
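import NextAuth from 'next-auth';
import KeycloakProvider from 'next-auth/providers/keycloak';

export default NextAuth({
  providers: [
    KeycloakProvider({
      // Custom provider id; it appears as providerId in the error above
      id: 'sso_provider_1',
      clientId: process.env.AP_CLIENT_ID,
      clientSecret: process.env.AP_CLIENT_SECRET,
      issuer: process.env.AP_BASE_URL
    })
  ],
  secret: process.env.SECRET,
  // Verbose logging
  debug: true
});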
Is there anything else I should configure in order to make my application work with the Keycloak provider, or is it just a bug?
Is this a bug in your own project?
Yes
How to reproduce ☕️
Clicking the back button after signing in with Keycloak will display this page and the error mentioned above.

Screenshots / Logs 📽
No response
Environment 🖥
next.js
Contributing 🙌🏽
Yes, I am willing to help solve this bug in a PR
About this issue
- State: closed
- Created 3 years ago
- Reactions: 6
- Comments: 30 (3 by maintainers)
I’m also looking for a solution to this issue. I’m currently using Netlify and originally thought this was an issue with the jwt option, but I keep coming back to this checks option for providers.
Would someone explain what the checks option does? I wasn’t able to find this option in the documentation, so I’m a little stuck as to what it entails.
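As an added illustration for the question above (not part of the original thread, and not next-auth's or any library's code): a simplified Node.js model of the OAuth `state` check, which ties the callback to the sign-in request that the same browser started. The function names, cookie name and URLs are constructed, and the single-use cookie that makes a replayed callback fail with the error string from this issue is an assumption of the model.

```javascript
// Added example: simplified model of an OAuth `state` check (names and URLs are constructed).
const { randomBytes, timingSafeEqual } = require('node:crypto');
const COOKIE = 'oauth.state'; // hypothetical cookie name

// Sign-in start: bind this browser to the request with an unguessable value.
function beginSignIn(cookies, authorizeUrl) {
  const state = randomBytes(32).toString('base64url');
  cookies.set(COOKIE, state);
  const url = new URL(authorizeUrl);
  url.searchParams.set('state', state);
  return url.toString();
}

// Identity provider side: echo `state` back unchanged together with the code.
function idpRedirect(authUrl, callbackUrl, code) {
  const url = new URL(callbackUrl);
  url.searchParams.set('code', code);
  url.searchParams.set('state', new URL(authUrl).searchParams.get('state'));
  return url.toString();
}

function sameValue(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Callback: compare the returned state with the stored one, then consume it.
function handleCallback(cookies, callbackUrl, checks = ['state']) {
  if (!checks.includes('state')) return { ok: true, stateChecked: false };
  const returned = new URL(callbackUrl).searchParams.get('state');
  const expected = cookies.get(COOKIE);
  cookies.delete(COOKIE); // single use (assumption of this model)
  if (returned && !expected) return { ok: false, error: 'checks.state argument is missing' };
  if (!returned || !sameValue(returned, expected)) return { ok: false, error: 'state mismatch' };
  return { ok: true, stateChecked: true };
}

function demo() {
  const cookies = new Map(); // stand-in for the browser's cookie jar
  const authUrl = beginSignIn(cookies, 'https://idp.example/authorize');
  const cb = idpRedirect(authUrl, 'https://app.example.com/callback', 'constructed-code');
  const first = handleCallback(cookies, cb);  // normal sign-in
  const replay = handleCallback(cookies, cb); // back button: same URL, cookie already used
  beginSignIn(cookies, 'https://idp.example/authorize');
  const foreign = 'https://app.example.com/callback?code=x&state=not-ours';
  const rejected = handleCallback(cookies, foreign);            // state was never issued here
  const unchecked = handleCallback(cookies, foreign, ['none']); // check disabled
  return { first, replay, rejected, unchecked };
}
```

With the check disabled, the callback carrying a `state` this browser never issued is accepted, which is the reason a later comment calls that setting not secure.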
Checking here if someone has found another solution that is not setting checks to none, since that is not secure.
Can with pleasure after an hour of intense testing directly on production on a site that is going viral report that adding checks: ['pkce'] seems to resolve it:
I will talk with my shrink and hope he can calm my nerves after this intense experience 😂.
“KeycloakProvider” has an error - type “boths” is missing. Any updates on this?
Currently experimenting setting up a system using a custom subdomain (app.example.com) & ran into this same issue. Unsure if it will fix / help others but I got mine working by adding checks: "both" to my provider options. Example:
Closing as this issue is kinda old. Let’s open a new one with a fresh, minimal reproduction, if it still exists.
I did! There were a couple of things I needed to check. Make sure that your JWT private key doesn’t have any odd characters or mistypings. This error popped up for me when my JWT private key was wrong.
This error would also appear for me if you are not providing the NEXTAUTH_URL variable in your env files. I troubleshooted this by taking a look at the redirectURLs I was getting, and I was getting a bad url, which somehow resulted in this error.
I did not have to provide “checks” in my next-auth setup at all. Fixing the above would fix the checks error.
What if you set NEXTAUTH_URL in the .env file? It worked for me