I’m wondering if setting the new discourse_connect_csrf_protection
site setting to false
will fix the issue for you. That site setting is hidden, so it needs to be set from the Rails console. You can find details about it in the replies to this topic: DiscourseConnect flow no longer functions.