Auth0 Authentication not working when callbackurl is a directory

Copied from stackoverflow: mvc - Auth0 Authentication not working when callbackurl is a directory - Stack Overflow

I’m having a hard time finding the right words to google I think. I am integrating Auth0 into a new web site, and I have followed the quick start tutorial for a AS.NET MVC site.

When I set the Allowed Callback to be https://localhost:44334, everything works like a charm. I can log in, I see the cookie created,all of it.

But, when I set the Allowed Callback to be https://localhost:44334/anyFolderHere, I get nothing. The site redirects to Auth0, I can log in, and I get redirected to the correct location. But no cookie, no auth token, nothing.

I can see in the Auth0 logs that it thinks everything went fine, login successful. I see no errors being thrown in my code, I just get nothing.

The code I have is almost line-for-line from their quick start. I am hesitant to start making changes until I can see it working…

I’m sure I am making a rookie mistake here, but I’m getting frustrated and just can’t see past myself.

Here is what I have:

public class Startup
    /// <summary>
    /// Configure OWIN to use OpenIdConnect 
    /// </summary>
    /// <param name="app"></param>
    public void Configuration(IAppBuilder app)
        // Configure Auth0 parameters
        string auth0Domain = System.Configuration.ConfigurationManager.AppSettings["auth0:Domain"];
        string auth0ClientId = System.Configuration.ConfigurationManager.AppSettings["auth0:ClientId"];
        string auth0ClientSecret = System.Configuration.ConfigurationManager.AppSettings["auth0:ClientSecret"];
        string auth0RedirectUri = System.Configuration.ConfigurationManager.AppSettings["auth0:RedirectUri"];
        string auth0PostLogoutRedirectUri = System.Configuration.ConfigurationManager.AppSettings["auth0:PostLogoutRedirectUri"];

        // Enable the Cookie saver middleware to work around a bug in the OWIN implementation

        // Set Cookies as default authentication type
        app.UseCookieAuthentication(new CookieAuthenticationOptions
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/Account/Login")

        // Configure Auth0 authentication
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            AuthenticationType = "Auth0",

            Authority = $"https://{auth0Domain}",

            ClientId = auth0ClientId,
            ClientSecret = auth0ClientSecret,

            RedirectUri = auth0RedirectUri,
            PostLogoutRedirectUri = auth0PostLogoutRedirectUri,

            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            Scope = "openid profile",

            TokenValidationParameters = new TokenValidationParameters
                NameClaimType = "name"

            Notifications = new OpenIdConnectAuthenticationNotifications
                RedirectToIdentityProvider = notification =>
                    if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
                        var logoutUri = $"https://{auth0Domain}/v2/logout?client_id={auth0ClientId}";

                        var postLogoutUri = notification.ProtocolMessage.PostLogoutRedirectUri;
                        if (!string.IsNullOrEmpty(postLogoutUri))
                            if (postLogoutUri.StartsWith("/"))
                                // transform to absolute
                                var request = notification.Request;
                                postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                            logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";

                    return Task.FromResult(0);

public class AccountController : Controller
        public ActionResult Login(string returnUrl)
            HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties
                    RedirectUri = returnUrl ?? Url.Action("Index", "Home")
            return new HttpUnauthorizedResult();

        public void Logout()

:wave: @russ.harding did you update the callback URL in all the right places within your application? Are you still experiencing this issue or were you able to solve it. Please let us know we can take a further look!

This topic was automatically closed after 7 days. New replies are no longer allowed.