Auth0 Home Blog Docs

Auth0 is silently appending "access_token=..." to my url, and then throwing it out for a URL callback mismatch?

access-token
callback-url
callback-url-mismatc

#1

My site, https://newsbrute.com, uses angular 1. Auth0 login works in many cases, usually after jumping around on my site a bit first. However, on a fresh page load, if I login, it will take me back to the same page (or homepage) without logging in. If I attempt it again from the same page, I will get this error message:

Callback URL mismatch. https://newsbrute.com/access_token=550kG8GsCeipmc_u-gkSI0wdGHbKbzfs&id_token=&expires_in=86400&token_type=Bearer is not in the list of allowed callback URLs:…"

Seems like if it wanted to append access_token, it should be as a query parameter, not a page, right? On the other hand, it might be more of an issue of why the first login silently fails and reloads the page (or redirects to the default callback page), but I don’t know if that’s the root cause.

This will decide whether or not I can use auth0 for my site, and I have tried everything I can think of. It’s driving me crazy; I hope someone can help.