Allowed Web Origins for Ionic not working?

Hello all –

I’m working to use Auth0 in my Ionic Framework application. Right now, I’m using passwordless lin via email, and I’ve gotten this fully operational within the browser-side dev builds. The origin for those requests are http://localhost:8080 and functional.

When building it for iOS and running on an iOS device, the auth mechanisms break, and Auth0 logs show:

Failed Silent Auth
The specified redirect_uri 'com.org.appname://auth/callback' does not have a registered origin.

Now, I’ve added all of the following to my allowed web origins and CORS for the app in auth0 dashboard per quickstarts and other documentation: http://localhost, ionic://, http://localhost:8100, file://, com.org.appname://*, capacitor://localhost

In my own API backend, I’ve confirmed the origin (from HTTP Origin header) of the app is in fact capacitor://localhost, so I expect it is the same going to Auth0. But, I still receive the above error.

I am using a built in auth sequence in my app that uses passwordlessLogin() and passwordlessStart(). The link goes back to a callback in my app that launches successfully using a URL schema. The failure error is occurring when any /authorize attempt in checkSession() to verify no session exists and force user to login page.

I’ve been working on this for a couple days with no progress, and could really use some assistance!

Thanks!
Ryan

I’ve still not been able to get past this issue.

I’ve seen many posts of similar issues; however, my web origins and CORS account for all of those scenarios. Like I said, I’ve confirmed my ‘Origin’ HTTP Header on another server coming from the same app on iOS and it is capacitor://localhost. Unfortunately, this does not permit it for Auth0. Is it possible that this error is actually caused by something else and the error is misleading?

Otherwise, is there someway in a policy rule or something else that I could log the origin of the request to ensure I’m permitting the right host(s)? This is a show stopper for me right now.