Intermittent Next.js Auth Errors: "No response returned", "State not found", "Refresh failed"
Hey Kinde team!
We're running into a few tricky, intermittent authentication errors with the @kinde-oss/kinde-auth-nextjs SDK (Version: 2.6.1 ) in our Next.js (App Router) app on Vercel. Using NextJs 13.5.9
Key issues observed (in production):
NEW: /api/auth/login 500 Error
Log: Error: No response is returned from route handler .../app/api/auth/[kindeAuth]/route.ts
Our [kindeAuth]/route.ts uses export const GET = handleAuth(); as per docs.
Intermittent /api/auth/kinde_callback 500 Error
Log: callback Error: Authentication flow: Received: [STATE_ID] | Expected: State not found
Happens rarely (~1-2% of callbacks). Cookies use SameSite=Lax.
Occasional /api/auth/setup 500 Error
Log: ...access or id token expired - attempting refresh ... refresh tokens failed - returning error
We're also seeing this "refresh failed" issue on /api/auth/setup in another, simpler Next.js project (same SDK/NextJs versions), which is interesting.
Quick Checks Done:
Verified critical Kinde env vars in Vercel.
Confirmed app/api/auth/[kindeAuth]/route.ts structure matches Kinde docs.
Middleware matcher excludes /api/auth/*.
KINDE_DEBUG_MODE=true was enabled when these logs were captured.
Could you offer any insights or suggest next steps for debugging these, especially the "No response returned" from /api/auth/login? We're concerned handleAuth() might have some edge cases. Also, any thoughts on the refresh token behavior appearing across projects?
Thanks for your help!
5 Replies
Hi Mael.
Thanks for following up. Since these errors line up with what we discussed in your previous thread, let me recap the main points and next steps:
1. /api/auth/login 500 “No response returned”
- Make sure your
app/api/auth/[kindeAuth]/route.ts exports both handlers:
- Without a POST export, any internal POST call to /api/auth/login will fail with that error.
2. /api/auth/kinde_callback “State not found”
- Verify you’ve switched your env var so that KINDE_POST_LOGIN_REDIRECT_URL points at /api/auth/kinde_callback itself.
- Then, after handleAuth() completes, redirect users from there to your custom /auth-callback page.
3. /api/auth/setup “refresh tokens failed”
- Double‑check that your cookies are scoped correctly (SameSite, Secure, domain/path) so the SDK can read the refresh token.
- Confirm the KINDE_CLIENT_SECRET in Vercel exactly matches what’s in your Kinde Dashboard.
Let me know how it goes once you’ve added the POST handler, updated the redirect URL, and confirmed the cookie settings. If you still see errors after that, I’ll escalate this to our engineering team and dig into the server‑side logs for your domains. In the meantime, feel free to reach out if you have any other questionsAbout the POST handler – I've added that to app/api/auth/[kindeAuth]/route.ts. Quick question though, I didn't see this in the Kinde docs, is this a general new requirement?
Now, for the callback redirect (KINDE_POST_LOGIN_REDIRECT_URL):
You said to make the KINDE_POST_LOGIN_REDIRECT_URL env var point to /api/auth/kinde_callback itself. But wouldn't that just create an infinite loop? handleAuth() would finish, then redirect back to itself, right?
And then, how would I do your next step: "Then, after handleAuth() completes, redirect users from there to your custom /auth-callback page."? My custom /auth-callback page is where I do my DB user stuff, and that's what my KINDE_POST_LOGIN_REDIRECT_URL env var currently points to. So, how do I get from Kinde's callback to my own /auth-callback page if the env var is supposed to point back to Kinde's callback?
Regarding the cookies & client secret:
Checked the cookies again – SameSite=Lax, Secure=true, domain/path all look fine.
Confirmed KINDE_CLIENT_SECRET again too.
I've deployed the POST handler change. Really need to understand that redirect flow for KINDE_POST_LOGIN_REDIRECT_URL though.
Hi Mael,
Let me take this back to the engineering team to double-check the recommended flow and ensure we’re aligned on the best practice, especially considering your setup with Kinde’s callback and your custom page.
Regarding the other issues (particularly the "No response returned" error after adding the POST handler), I’ll make sure to discuss these as well and see if there’s anything else we might be overlooking.
I’ll get back to you as soon as I have more insights. Feel free to share any additional details or logs in the meantime.
Logs I was able to retrieve using Kinde debug mode directly in prod:
for the kinde_callback problem:
callback Error: Authentication flow: Received: 8cf8e6242f05854649e6e2d0e8e5 | Expected: State not found
at AuthorizationCode.<anonymous> (/var/task/apps//.next/server/chunks/2352.js:1:326905)
at /var/task/apps//.next/server/chunks/2352.js:1:324597
at Object.next (/var/task/apps/wedding-fr/.next/server/chunks/2352.js:1:324702)
at fulfilled (/var/task/apps//.next/server/chunks/2352.js:1:323358)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
For the setup error:
validateToken: token is valid - it will expire in -1549808.5529999733 seconds
validateToken: token is valid - it will expire in -1632608.5539999008 seconds
setup: access or id token expired - attempting refresh
setup: refresh tokens failed - returning error
the new error that I never had before (500) on api/auth/login:
⨯ Error: No response is returned from route handler '/vercel/path0/apps//src/app/api/auth/[kindeAuth]/route.ts'. Ensure you return a Response or a NextResponse in all branches of your handler.
at /var/task/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:14:39875
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Hi Mael,
Thanks for sharing the additional details and logs. I’ll pass this information to the engineering team and get back to you as soon as I have further info.
Feel free to share any more logs or context if you come across anything else.
Hello, Mael. I am a support engineer at Kinde who will be supporting you as well.
I have been informed that there is a new SDK version that you can try. Could you please update your SDK version and inform us if it solves any of the issues you listed here?
Link to the new release: https://github.com/kinde-oss/kinde-auth-nextjs/releases/tag/v2.6.2
Thanks!