After signup, authorize redirects to login page

libor.vozdek · July 20, 2023, 8:15am

Hi, I’m working on a move from Rules to Actions. I have a test tenant where I’m trying it.
Everything except for one thing seems ok.

We use consent redirects, I get redirected like I should, the flow goes on to Continue, still all good and at the end, our front end calls authorize endpoint, and instead of being redirected to my callback page, I get redirected to a login page, so the authorize call doesn’t work in that moment, then I am able to login normally and everything is fine. But there is now this one unnecessary login to be done. With Rules, this was not happening.

I see no errors or fails in logs, the actions were not called it seems from my “webtask logs”, so something must have happened automatically in auth0 before calling the action. I have no idea how to find out what can be wrong.
Comparing calls, cookies and params in the browser it all seems identical.
Is there a way to see why an authorize endpoint redirects to login, when there is nothing failing in normal logs? Btw this is happening in like 80% of cases, sometimes the redirect works fine, making it even stranger.

dan.woda · July 25, 2023, 4:23pm

Hi @libor.vozdek,

Redirects function different in Rules and Actions, this could be causing a loop in your code. Take a look at this blog post that covers an example.

If you aren’t able to figure it out, please post an example of the Rule and Action so we can take a look (remove any sensitive data please). Thanks!

libor.vozdek · July 28, 2023, 6:52am

If anyobody is interested, it turns out the problem was hidden described in this page: (Session Layers)
If you update user’s “email_verified” flag, he gets logged out, which is exactly what we are doing in our flow with our custom email verification. No idea, why it was working without the logout in Rules. Imho, this behavior doesn’t make sense, because then this flag is unusable, but at the same time it is required for reset password? (Use Verified Email in User Profiles)
So we kind of need it to be set and also don’t want to logout the user…

it was eventually resolved by asking auth0 support to turn on one magic switch in our tenant.
Thank you Auth0 Support team.

dan.woda · July 28, 2023, 1:11pm

Thanks for following up!

Topic		Replies	Views
"/authorize" endpoint does not redirect to "Authorize application" page Get Help auth0 , api	3	4800	July 15, 2023
onContinuePostLogin not getting called on Post Login Action redirect Get Help identifier-first , login-experience	3	439	September 23, 2024
Login to one application redirects me to another after converting my login rule to an action Get Help classic-universal-login-experience , login-experience	6	990	June 5, 2023
Redirect to Consent form issue Get Help auth0 , rules , redirect-rules	1	3443	September 21, 2020
UnauthorizedError in rule still redirects Get Help	2	4344	April 9, 2021

After signup, authorize redirects to login page

Related topics