I’m wondering if setting the new discourse_connect_csrf_protection site setting to false will fix the issue for you. That site setting is hidden, so it needs to be set from the Rails console. You can find details about it in the replies to this topic: DiscourseConnect flow no longer functions.