Auth0 app ID doesn't link with the android application

Hi, we are trying to solve a problem with android application
We are using Auth0, Capacitor and Ionic5 Angular.
From our tests we understood that:

  • In login page of the app we call the Auth0 correctly
  • Auth0 perform the user login
    but we have a problem on callback (it’s seems that the Auth0 app ID doesn’t link with the android application)

The error is the following:
E/Capacitor/Console: File: - Line 1 - Msg: Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘io.rexulta.ionic.angular://’) does not match the recipient window’s origin (‘http://localhost’).


Any luck with this? I am experiencing the same error.

Anyone got lucky with this error ? I’m facing similar issue.

I’ve followed this guide to setup auth0 with capacitor: Auth0 Ionic & Capacitor (React) SDK Quickstarts: Add login to your Ionic React with Capacitor app

Everything is quite fine. I can login, logout. However, the issue seems to appears when the id_token is expired, and auth0 try to obtain a new token based on what is actually present in the cache.

In that case, I see the same error, and it takes a few minutes before falling back to the auth0 login screen.

Same here,

Originally the error was a HTTP 400 on /authorize with an entry on Auth0 logs:

The specified redirect_uri '<app_id>://<domain>/capacitor/<app_id>/callback' does not have a registered origin.

Then, and even thought the documentation says to only configure:

capacitor://localhost, http://localhost

I also added the callback url to the allowed origins


Now the error is:

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('<app_id>://') does not match the recipient window's origin

I am facing the same issue. Anyone knows what is the problem?

I found the problem (in my case). I was calling getTokeSilently() without any parameter. I added

            redirect_uri: window.location.origin,

Redirect url is actually not used for redirect but for checking origin (this should be documented).

1 Like

Hey @kormik good to know you were able to resolve the issue you were seeing!

It is a bit confusing, I am seeing redirect_uri as optional in our docs, while at the same time the following:

There’s no actual redirect when getting a token silently, but, according to the spec, a redirect_uri param is required. Auth0 uses this parameter to validate that the current origin matches the redirect_uri origin when sending the response. It must be whitelisted in the “Allowed Web Origins” in your Auth0 Application’s settings.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.