Mimecast email protection breaks Email provider

[tomitrescak]

Hi, I tried to report this as a bug, but it cannot be easily reproduced.
We have a Mimecast email protection on our company servers.
This protection scrambles any URLs in emails to this format:

https://url.au.m.mimecastprotect.com/s/ZKptCr81zpC8DMnjKc7fxF48VCp?domain=skillpies.com

It is encoded url from an email login provider that has this format

https://skillpies.com/api/auth/callback/email?callbackUrl=https%3A%2F%2Fskillpies.com&token=xxxx&email=someone%40westernsydney.edu.au

If I use direcly the URL below, everything works, but when I use the protected URL I receieve "error=Verification", the issue is that I cannot locate why this error is happening and which package does it.

I am using next-auth 5, but the error happens in next-auth 4.

Must be something with the domain of the origin request ... but what ?