Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

handleCallback - Cannot read property 'toString' of undefined error

See original GitHub issue

Visits to our tenant’s domain that result in an unauthorized error with an error description of wrong email or verification code result in a redirect to our callback url that ends up producing the following unhandled error from within nextjs-auth0 of Cannot read property 'toString' of undefined.

The callback url that produces this error is:https://{auth0-domain-here}/api/auth/callback#error=unauthorized&error_description=Wrong email or verification code

related to: https://github.com/auth0/nextjs-auth0/issues/371, but the solution there is not the issue as the new api/auth routes are being used.

I’d expect these kinds of things to be more gracefully handled with perhaps a redirect to api/auth/logout.

We are using passwordless authentication with magic link and we are on v1.3.0.

Issue Analytics

State:
Created 2 years ago
Comments:21 (9 by maintainers)

Top GitHub Comments

1reaction

adamjmcgrathcommented, May 27, 2021

I suppose I can try to handle this error in a custom way on our end or check if there is an active session and redirect to the app if so.

Yep checks.state argument is missing is the correct error in this scenario, since you’re visiting the callback page without any state cookies to check (they were removed in your previous successful login)

1reaction

adamjmcgrathcommented, May 11, 2021

Hi @jaredgalanis - it’s not an unhandled exception, but I agree the message should be better.

Per our discussion in https://github.com/auth0/nextjs-auth0/issues/346 - this SDK doesn’t support embedded Passwordless.

It only supports the Universal Login Page, if you were using the Universal Login Page and initiating the login from the application, you’d be using response_mode: query and your errors would be coming back from the authorization server on the query parameters (eg https://{auth0-domain-here}/api/auth/callback?error=unauthorized&error_description=Wrong email or verification code) rather than the fragment (per your example)