NextAuth Authentication Error: “State cookie was missing.”
I am using Next.js with NextAuth for OAuth2 authentication. Here is the code snippet:
import NextAuth from 'next-auth';
import DiscordProvider from 'next-auth/providers/discord';
import jwt from 'jsonwebtoken';

export default NextAuth({
  debug: true,
  providers: [
    DiscordProvider({
      clientId: process.env.DISCORD_CLIENT_ID || "",
      clientSecret: process.env.DISCORD_CLIENT_SECRET || "",
      authorization: { params: { scope: 'identify' } }
    }),
  ],
  secret: process.env.NEXTAUTH_SECRET,
  cookies: {
    sessionToken: {
      name: `__Secure-next-auth.session-token`,
      options: {
        httpOnly: true,
        sameSite: 'lax',
        path: '/',
        secure: process.env.NODE_ENV === 'production',
        domain: process.env.NODE_ENV === 'production' ? 'domain.com' : undefined
      }
    }
  },
  callbacks: {
    async jwt({ token, account, profile }) {
      // something here
      return token;
    },
    async session({ session, token }) {
      const new_token = token as unknown as Haurto_Token_Decoded;
      if (new_token) {
        // something here
      }
      return session;
    },
    async redirect({ url, baseUrl }) {
      if (url.startsWith(baseUrl)) {
        return url;
      }
      return baseUrl;
    }
  },
  pages: {
    signIn: '/',
    signOut: '/',
    error: '/uhh',
  }
});
However, when redirecting to /api/auth/callback/[provider], I encounter the following error on the backend:
[next-auth][error][OAUTH_CALLBACK_ERROR]
https://next-auth.js.org/errors#oauth_callback_error State cookie was missing. {
error: TypeError: State cookie was missing.
at Object.use (D:CodeGitHub filesWebsite-Dashboardnode_modulesnext-authcoreliboauthchecks.js:111:23)
at oAuthCallback (D:CodeGitHub filesWebsite-Dashboardnode_modulesnext-authcoreliboauthcallback.js:89:25)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Object.callback (D:CodeGitHub filesWebsite-Dashboardnode_modulesnext-authcoreroutescallback.js:52:11)
at async AuthHandler (D:CodeGitHub filesWebsite-Dashboardnode_modulesnext-authcoreindex.js:208:28)
at async NextAuthApiHandler (D:CodeGitHub filesWebsite-Dashboardnode_modulesnext-authnextindex.js:22:19)
at async NextAuth._args$ (D:CodeGitHub filesWebsite-Dashboardnode_modulesnext-authnextindex.js:108:14)
at async K (D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdistcompilednext-serverpages-api.runtime.dev.js:21:2871)
at async U.render (D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdistcompilednext-serverpages-api.runtime.dev.js:21:3955)
at async DevServer.runApi (D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdistservernext-server.js:600:9)
at async NextNodeServer.handleCatchallRenderRequest (D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdistservernext-server.js:269:37)
at async DevServer.handleRequestImpl (D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdistserverbase-server.js:816:17)
at async D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdistserverdevnext-dev-server.js:339:20
at async Span.traceAsyncFn (D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdisttracetrace.js:154:20)
at async DevServer.handleRequest (D:CodeGitHub filesWebsite-Dashboardnode_modulesnextdistserverdevnext-dev-server.js:336:24) {
name: 'OAuthCallbackError',
code: undefined
},
providerId: 'discord',
message: 'State cookie was missing.'
}
The error states “State cookie was missing,” but I don’t recall configuring anything related to cookies.
I tried setting checks: ['none'] to test, which bypasses the CSRF protection mechanism, and the error disappeared. However, disabling this feature compromises security, so it is not a viable solution.
I have also set various environment variables and tried different approaches to resolve this issue, but none have been effective. I’ve searched through numerous forums without finding a suitable fix.
{
  "next": "14.2.4",
  "next-auth": "^4.24.7",
},
Any help would be greatly appreciated. Thank you!
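The check behind this error, as an added example that is not part of the original post and not NextAuth's own code: a simplified model of the OAuth `state` comparison on the callback, plus a check of cookie attributes against the browser rules under which a cookie is dropped before the provider redirects back. The function names, the `State value mismatch.` message and the sample cookie name `app.oauth-state` are assumptions made for illustration.

```javascript
// Added example: a simplified model, not NextAuth's implementation.

// Browser rules under which a cookie is rejected or not sent on the
// provider's redirect back. cookie: {name, secure, sameSite, domain};
// ctx: {scheme, host} of the URL the app is actually served from.
function cookieProblems(cookie, ctx) {
  const problems = [];
  const sameSite = (cookie.sameSite || 'lax').toLowerCase();
  if (cookie.name.startsWith('__Secure-') && !cookie.secure)
    problems.push('__Secure- prefix requires Secure');
  if (cookie.secure && ctx.scheme !== 'https')
    problems.push('Secure cookie on http (some browsers exempt localhost)');
  if (sameSite === 'none' && !cookie.secure)
    problems.push('SameSite=None requires Secure');
  if (sameSite === 'strict')
    problems.push('SameSite=Strict is not sent on a cross-site redirect');
  if (cookie.domain) {
    const d = cookie.domain.replace(/^\./, '').toLowerCase();
    const h = ctx.host.toLowerCase();
    if (h !== d && !h.endsWith('.' + d))
      problems.push('Domain does not match host');
  }
  return problems;
}

// Length-checked comparison without early exit on the first differing char.
function sameValue(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Callback-side check: the state stored in the cookie at sign-in must equal
// the state query parameter the provider sends back.
function checkState(cookieState, queryState) {
  if (!cookieState) throw new TypeError('State cookie was missing.');
  if (typeof queryState !== 'string' || !sameValue(cookieState, queryState))
    throw new TypeError('State value mismatch.'); // constructed message
  return true;
}

// Constructed sample: hypothetical state cookie marked Secure, app on http.
const sample = { name: 'app.oauth-state', secure: true, sameSite: 'lax' };
console.log(cookieProblems(sample, { scheme: 'http', host: '192.168.1.10' }));
```

To use it, pass `cookieProblems` the attributes from the sign-in response's Set-Cookie header together with the scheme and host shown in the browser's address bar.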