Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Error: Invalid state returned from Google oAuth provider on production
See original GitHub issueHello everyone,
My Next-Auth application works completely fine when am running this in local environment, the redirection from google, and session registration in MongoDb is working fine,
When am trying to run the same application with same google id & secret in production, it is throwing Error: Invalid state returned from oAuth provider
Already SET the valid NEXTAUTH_URL, DATABASE_URL, GOOGLE_ID & GOOGLE_SECRET
[next-auth][error][callback_oauth_error] Error: Invalid state returned from oAuth provider
at /home/node/app/node_modules/next-auth/dist/server/lib/oauth/callback.js:46:27
at Generator.next (<anonymous>)
at asyncGeneratorStep (/home/node/app/node_modules/next-auth/dist/server/lib/oauth/callback.js:26:103)
at _next (/home/node/app/node_modules/next-auth/dist/server/lib/oauth/callback.js:28:194)
at /home/node/app/node_modules/next-auth/dist/server/lib/oauth/callback.js:28:364
at new Promise (<anonymous>)
at /home/node/app/node_modules/next-auth/dist/server/lib/oauth/callback.js:28:97
at /home/node/app/node_modules/next-auth/dist/server/lib/oauth/callback.js:143:17
at /home/node/app/node_modules/next-auth/dist/server/routes/callback.js:58:31
at Generator.next (<anonymous>)
https://next-auth.js.org/errors#callback_oauth_error
Feedback Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.
- [] Found the documentation helpful
- Found documentation but was incomplete
- Could not find relevant documentation
- Found the example project helpful
- Did not find the example project helpful
Issue Analytics
- State:
- Created 3 years ago
- Reactions:6
- Comments:31 (8 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
For folks using next-pwa, latest version should fix this problem for you
I was able to reproduce this issue in my production app, and it ended up being the same problem mentioned by @Ash-Kay in the previous comment. Every time I accessed the web app without using “www” in the URL, the OAuth error would be thrown. In the same way, if I logged in using the WWW domain, and then manually removed the “www” portion of the URL and reloaded the page, the NextAuth session would be dropped. Like in @Ash-Kay’s case, I was able to make the changes to my Nginx config to redirect the non-WWW requests to the WWW domain.