We are in the testing phase and are using the default email verification template. When I click on it from a machine/user account not verified prior I get and error page. After some “testing” I found that if I change the protocol from https:// to http:// once per machine that the url launches my callback (which is http:// on localhost). Subsequent attempts to click the https:// url in my email inbox in the browser lauch the callback correctly. Any ideas what is going on here? Is this directly related to the non https:// localhost callback configured in my tenant?
Hi @mitul1
Welcome to the Auth0 Community!
Yes, this is directly related to your callback URL being http instead of httpsbecause modern web browsers have strict security policies that actively block or warn users when a website attempts to redirect them from a secure, encrypted context to an insecure one.
Because Auth0’s environment is strictly HTTPS, redirecting back to your local HTTP environment triggers this browser security mechanism.
The most important thing to know is that this will not happen in an production environment. You can try configuring your local development server to run on HTTPS to test how your applications behaves accordingly. Alternatively, you can try removing the local host url under the Return To field of the template and use the default screen provided or redirecting to a different https url while testing.
If you have any other questions, let me know!
Kind Regards,
Nik
Thanks for confirming Nik!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.