"State Mismatch" Error after Passwordless Authentication

Overview
The following error occurs when attempting to log in using the email passwordless connection:

----
HandlerError [BadRequestError]: state mismatch, expected eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMC9wcm9maWxlIn0, got: hKFo2SBNcy10dmNlSFhsa2ptc2t4SFptUE5MajR6bzlPVkhHeKFupWxvZ2luo3RpZNkgMWh6ZU5CTW9rMmg3dFpXNXA5eTFzRzRHLU9MR2tJWmOjY2lk2SBjTXhxb09STDFkUTZuTEo2S3pnc2dtNE8zRjd3V2dSOA
----
 

The client is a NextJS app using the nextjs-auth0 SDK.
 
Applies To
  • NextJS
  • Email
  • Passwordless Connection
  • Authentication with Link
Cause
This error can occur if the login flow was initiated with the canonical domain but the email link was sent for the custom domain. 
Solution
To use the custom domain in email flows (Passwordless, Reset Password, etc.):
  1. Go to Auth0 Dashboard > Branding > Custom Domains.

  2. Enable the Use Custom Domain in Emails toggle.

  3. Then, initiate the flow with the custom domain in the /authorize request.
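
To confirm the cause before changing settings, compare the host of the /authorize request the app sent with the host in the emailed link. The script below is an added example, not Auth0 or nextjs-auth0 code; the function names and both sample URLs are constructed, and the state value is the "expected" one from the error above.

```javascript
// Added diagnostic sketch: not Auth0 or nextjs-auth0 code.
// Function names and both sample URLs are constructed for illustration.

// Read a state value as base64url-encoded JSON (the shape of the "expected"
// value in the error above). Returns null when it is not JSON.
function decodeAppState(state) {
  try {
    return JSON.parse(Buffer.from(state, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Compare the host the flow was started on with the host in the emailed link.
function checkPasswordlessDomains(authorizeUrl, emailLinkUrl) {
  const started = new URL(authorizeUrl);
  const emailed = new URL(emailLinkUrl);
  const appState = decodeAppState(started.searchParams.get('state') || '');
  const sameHost = started.host === emailed.host; // URL lowercases the host
  return {
    startedOn: started.host,
    emailedFor: emailed.host,
    returnTo: appState?.returnTo ?? null,
    sameHost,
    finding: sameHost
      ? 'Flow and email link use the same domain.'
      : `Flow started on ${started.host} but the email link targets ` +
        `${emailed.host}; align both on the custom domain.`,
  };
}

// Constructed sample: canonical domain on /authorize, custom domain in the email.
const SAMPLE_AUTHORIZE_URL =
  'https://example-tenant.us.auth0.com/authorize?response_type=code' +
  '&state=eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMC9wcm9maWxlIn0';
const SAMPLE_EMAIL_LINK =
  'https://login.example.com/passwordless/verify_redirect?scope=openid';

console.log(checkPasswordlessDomains(SAMPLE_AUTHORIZE_URL, SAMPLE_EMAIL_LINK));
```

A `sameHost` of `false` matches the condition described under Cause; after applying the steps above, rerun it with a fresh /authorize URL and a newly issued email link.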