Auth0 Home Blog Docs

Auth0 Authentication not working when callbackurl is a directory



Copied from stackoverflow:

I’m having a hard time finding the right words to google I think. I am integrating Auth0 into a new web site, and I have followed the quick start tutorial for a AS.NET MVC site.

When I set the Allowed Callback to be https://localhost:44334, everything works like a charm. I can log in, I see the cookie created,all of it.

But, when I set the Allowed Callback to be https://localhost:44334/anyFolderHere, I get nothing. The site redirects to Auth0, I can log in, and I get redirected to the correct location. But no cookie, no auth token, nothing.

I can see in the Auth0 logs that it thinks everything went fine, login successful. I see no errors being thrown in my code, I just get nothing.

The code I have is almost line-for-line from their quick start. I am hesitant to start making changes until I can see it working…

I’m sure I am making a rookie mistake here, but I’m getting frustrated and just can’t see past myself.

Here is what I have:

public class Startup
    /// <summary>
    /// Configure OWIN to use OpenIdConnect 
    /// </summary>
    /// <param name="app"></param>
    public void Configuration(IAppBuilder app)
        // Configure Auth0 parameters
        string auth0Domain = System.Configuration.ConfigurationManager.AppSettings["auth0:Domain"];
        string auth0ClientId = System.Configuration.ConfigurationManager.AppSettings["auth0:ClientId"];
        string auth0ClientSecret = System.Configuration.ConfigurationManager.AppSettings["auth0:ClientSecret"];
        string auth0RedirectUri = System.Configuration.ConfigurationManager.AppSettings["auth0:RedirectUri"];
        string auth0PostLogoutRedirectUri = System.Configuration.ConfigurationManager.AppSettings["auth0:PostLogoutRedirectUri"];

        // Enable the Cookie saver middleware to work around a bug in the OWIN implementation

        // Set Cookies as default authentication type
        app.UseCookieAuthentication(new CookieAuthenticationOptions
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/Account/Login")

        // Configure Auth0 authentication
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            AuthenticationType = "Auth0",

            Authority = $"https://{auth0Domain}",

            ClientId = auth0ClientId,
            ClientSecret = auth0ClientSecret,

            RedirectUri = auth0RedirectUri,
            PostLogoutRedirectUri = auth0PostLogoutRedirectUri,

            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            Scope = "openid profile",

            TokenValidationParameters = new TokenValidationParameters
                NameClaimType = "name"

            Notifications = new OpenIdConnectAuthenticationNotifications
                RedirectToIdentityProvider = notification =>
                    if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
                        var logoutUri = $"https://{auth0Domain}/v2/logout?client_id={auth0ClientId}";

                        var postLogoutUri = notification.ProtocolMessage.PostLogoutRedirectUri;
                        if (!string.IsNullOrEmpty(postLogoutUri))
                            if (postLogoutUri.StartsWith("/"))
                                // transform to absolute
                                var request = notification.Request;
                                postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                            logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";

                    return Task.FromResult(0);

public class AccountController : Controller
        public ActionResult Login(string returnUrl)
            HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties
                    RedirectUri = returnUrl ?? Url.Action("Index", "Home")
            return new HttpUnauthorizedResult();

        public void Logout()