Auth0 app ID doesn't link with the android application

Hi, we are trying to solve a problem with android application
We are using Auth0, Capacitor and Ionic5 Angular.
From our tests we understood that:

• In login page of the app we call the Auth0 correctly
• Auth0 perform the user login
  but we have a problem on callback (it’s seems that the Auth0 app ID doesn’t link with the android application)

The error is the following:
E/Capacitor/Console: File: https://re2n-dev.eu.auth0.com/authorize?redirect_uri=io.rexulta.ionic.angular%3A%2F%2Fre2n-dev.eu.auth0.com%2Fcapacitor%2Fio.rexulta.ionic.angular%2Ftabs%2Fdashboard&client_id=iOFWdNJiVOy6kxjfv9Djl2nJPyV416F1&audience=http%3A%2F%2Flocalhost%3A3001&appUri=http%3A%2F%2Flocalhost&scope=openid%20profile%20email&response_type=code&response_mode=web_message&state=Mm5QaUVRWEdoLUJZbHpybmFub29oXzMzYXViWVB0cXQ0RHUxUnhsS29VYg%3D%3D&nonce=ZnA3MUZzTTJETlhYX21MRUJxSnU3MlJKSm5LR0psVVZxVXJER1ZKWXhETg%3D%3D&code_challenge=uirWv_vqXg7w6PVahKGIObSp2Fav7e5K1A-0vx3cXc0&code_challenge_method=S256&prompt=none&auth0Client=eyJuYW1lIjoiQGF1dGgwL2F1dGgwLWFuZ3VsYXIiLCJ2ZXJzaW9uIjoiMS41LjEifQ%3D%3D - Line 1 - Msg: Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘io.rexulta.ionic.angular://’) does not match the recipient window’s origin (‘http://localhost’).

Any luck with this? I am experiencing the same error.

Anyone got lucky with this error ? I’m facing similar issue.

I’ve followed this guide to setup auth0 with capacitor: Auth0 Ionic & Capacitor (React) SDK Quickstarts: Add login to your Ionic React with Capacitor app

Everything is quite fine. I can login, logout. However, the issue seems to appears when the id_token is expired, and auth0 try to obtain a new token based on what is actually present in the cache.

In that case, I see the same error, and it takes a few minutes before falling back to the auth0 login screen.

Same here,

Originally the error was a HTTP 400 on /authorize with an entry on Auth0 logs:

The specified redirect_uri '<app_id>://<domain>/capacitor/<app_id>/callback' does not have a registered origin.

Then, and even thought the documentation says to only configure:

capacitor://localhost, http://localhost

I also added the callback url to the allowed origins

<app_id>://<domain>/capacitor/<app_id>/callback

Now the error is:

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('<app_id>://') does not match the recipient window's origin

I am facing the same issue. Anyone knows what is the problem?

I found the problem (in my case). I was calling getTokeSilently() without any parameter. I added

getTokenSilently({
            redirect_uri: window.location.origin,
        })

Redirect url is actually not used for redirect but for checking origin (this should be documented).

Hey @kormik good to know you were able to resolve the issue you were seeing!

It is a bit confusing, I am seeing redirect_uri as optional in our docs, while at the same time the following:

There’s no actual redirect when getting a token silently, but, according to the spec, a redirect_uri param is required. Auth0 uses this parameter to validate that the current origin matches the redirect_uri origin when sending the response. It must be whitelisted in the “Allowed Web Origins” in your Auth0 Application’s settings.