v4: Setting sameSite: "none" property for the transactionCookie breaks login #1940

Open
6 tasks done
msallent opened this issue Feb 28, 2025 · 2 comments
Labels
ack bug Something isn't working

Comments

@msallent

Checklist

Description

A few weeks back I requested the ability to configure the transactionCookie in #1866, as it was done in v3. This was implemented; however, if I make any changes to it, login never works and returns the following error:

```
[InvalidStateError: The state parameter is invalid.] {
  code: 'invalid_state',
  name: 'InvalidStateError'
}
```

Reproduction

  1. Initialize your Auth0Client as follows:

     ```javascript
     new Auth0Client({
       transactionCookie: {
         sameSite: 'none',
       },
       // ...
     });
     ```

  2. Try logging in.
  3. Get the following error:

     ```
     [InvalidStateError: The state parameter is invalid.] {
       code: 'invalid_state',
       name: 'InvalidStateError'
     }
     ```

Additional context

I need to change the sameSite property for Cypress to be able to log in when running locally. I had the same issue in v3 but it was solved by setting sameSite: isLocalhost ? "none" : undefined. I tried to replicate this behavior with v4 but it's not working as expected.

nextjs-auth0 version

4.0.2

Next.js version

14.2.21

Node.js version

18.20.3

@tusharpandey13
Contributor

Thank you for reporting this issue. We're working on a fix for the next release.
In the meantime, please try this workaround:

```javascript
new Auth0Client({
  transactionCookie: {
    sameSite: isLocalhost ? "none" : "lax",
    secure: isLocalhost ? false : true // Explicitly handle localhost vs production
  },
})
```

Please let us know if this solution works for your setup!

tusharpandey13 added the bug and ack labels on Mar 7, 2025
@msallent
Author

msallent commented Mar 7, 2025

> Thank you for reporting this issue. We're working on a fix for the next release. In the meantime, please try this workaround:
>
> ```javascript
> new Auth0Client({
>   transactionCookie: {
>     sameSite: isLocalhost ? "none" : "lax",
>     secure: isLocalhost ? false : true // Explicitly handle localhost vs production
>   },
> })
> ```
>
> Please let us know if this solution works for your setup!

I remember trying that, but I tried it again just in case, and it didn't work. It shows the same `The state parameter is invalid.` error, unfortunately.
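
Added example, not part of the thread and not code from nextjs-auth0: a small checker for `Set-Cookie` header values that flags attribute combinations under which a login transaction cookie would not be available when the callback is handled. It assumes a browser that enforces the rule that `SameSite=None` requires `Secure` (Chrome does since version 80); the cookie name and header values are constructed, and the thread does not confirm this as the cause of the error.

```javascript
// Added example (not from the issue thread or from nextjs-auth0).
// Flags Set-Cookie attribute combinations under which a login transaction
// cookie is dropped or withheld before the OAuth callback can read it.

// Split one Set-Cookie header value into its name and lowercased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attrs };
}

// Return the problems a browser enforcing "SameSite=None requires Secure"
// would cause for a cookie that must survive a cross-site redirect.
function auditTransactionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = String(attrs.samesite || "").toLowerCase();
  const problems = [];
  if (sameSite === "none" && !attrs.secure) {
    problems.push("SameSite=None without Secure: the browser rejects the cookie");
  }
  if (sameSite === "strict") {
    problems.push("SameSite=Strict: not sent on the redirect back from the identity provider");
  }
  return { name, usable: problems.length === 0, problems };
}

// Constructed sample headers; "txn_example" is a hypothetical cookie name.
const samples = [
  "txn_example=abc; Path=/; HttpOnly; SameSite=None",
  "txn_example=abc; Path=/; HttpOnly; Secure; SameSite=None",
  "txn_example=abc; Path=/; HttpOnly; SameSite=Lax",
  "txn_example=abc; Path=/; HttpOnly; Secure; SameSite=Strict",
];

for (const header of samples) {
  const { usable, problems } = auditTransactionCookie(header);
  console.log(usable ? "ok      " : "problem ", header, problems.join("; "));
}
```

Running the same check against the `Set-Cookie` headers on the login redirect response (visible in the browser's network panel) shows whether the configured `sameSite` and `secure` values produce a cookie the browser will keep.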
