0

I have an Auth0 application with a few localhost URLs as allowed callback URLs. Example: https://127.0.0.1:8080/login, https://127.0.0.1:8080/results, https://127.0.0.1:8080/user

When I start the authentication flow using one of the previous allowed URLs, everything works as expected. Example: https://tenant.auth0.com/authorize?audience=my-api&response_type=token&client_id=client-id&redirect_uri=https://127.0.0.1:8080/results

I want to support a new allowed URL: https://mynicedomain.com So I added it to the allowed list; however, it doesn't work when I go to: https://tenant.auth0.com/authorize?audience=my-api&response_type=token&client_id=client-id&redirect_uri=https://mynicedomain.com

I tried adding / in both, Auth0 conf and in the URL. Also, add it as allowed URL origins but I can't still make it work.

Did anyone have a similar issue? I read several posts and Auth0 docs and I cannot find what I am doing wrong.

Improve this question
1
  • Have you tried using a path, as in redirect_uri=https://mynicedomain.com/auth? Otherwise, what "doesn't work" — what happens and when? Commented Jun 28, 2021 at 17:31

1 Answer 1

Reset to default
0

I'm not certain this is an exact match for the OP's issue, but given that the symptoms are the same, in my scenario the actual issue was caused by a proxy in front of the application using http and not https to speak to the application at the host where the deployed application lives (eg. production).

The issue is described at this forum link in more detail: https://community.auth0.com/t/asp-net-core-loginexternal-not-working-with-https/7824

The way to fix it for applications registered as Regular Web Application at Auth0 is to intercept the redirect to identity provider and forcefully rewrite the scheme to be https.

Implementing this change in code will resemble the following (in Program.cs in C# for Blazor, or whereever one's setup code resides):

options.Events = new OpenIdConnectEvents
{
    OnRedirectToIdentityProvider = (context) => {
        var builder = new UriBuilder(context.ProtocolMessage.RedirectUri);

        builder.Scheme = "https";

        context.ProtocolMessage.RedirectUri = builder.ToString();

        return Task.CompletedTask;
    },

    // ... more handlers here, etc.
};

Note that if the builder is still trying to redirect to the normal http port (80) even after forcing protocol scheme, then more aggressive URI rewriting may be needed.

Example:

  1. Callback URL at Auth0: https://my-app-hostname/
  2. Builder is forced to https, but somehow the internals force http instead by port: https://my-app-hostname:80/
  3. Registering that url with explicit port 80 works at Auth0, but then on callback it fails at the proxy because https://my-app-hostname:80/ is not valid (listener on port 80 is not https).
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.