State mismatch with Twitch Oauth if automatic redirect doesn't work.
If automatic redirect doesnt work, a state mismatch is received when the user clicks the 'here' button. This is causing issues since my server serves 2 different apps. The server relies on the twitch redirect to pass location info so it can deep link the user to the proper application.
2 Replies
This is intentional. The issue is that the callback request gets duplicated. Before you click “here,” the browser is already redirecting to the callback. Clicking “here” again attempts to resend the request, which causes a state mismatch since the state is invalidated after the first request and you can't reply an oauth callback request
Some user’s browsers aren’t auto redirecting which is causing issues
I tried setting up separate better auth instances for each app and set the callback URL accordingly, but it was then causing a state mismatch no matter what. Is there any other way around this?