Auth0 Home Blog Docs

Auth0 Lock doesn't consider a registered Web Origin + pathname to be a valid Web Origin.



When using the Lock widget (v11), I can successfully login from subdomain.mywebsite:3000, but subdomain.mywebsite:3000/users/9/profile (for example) is considered an invalid web origin. subdomain.mywebsite is a hosts file rename of localhost. The current entry I have for Web Origins is subdomain.mywebsite:3000 (with no trailing slash).

Is there any way to set the Web Origin to subdomain.mywebsite:3000/* or some such rule that allows arbitrary pathnames after the domain?


The Allowed Web Origins have the format of <scheme> "://" <host> ":" <port> ], such as or http://localhost:3000. No further pathname should be needed in the allowed web origin field, as http://subdomain.mywebsite:3000 would be equivalent to http://subdomain.mywebsite:3000/users/9/profile as far as web origins is concerned.

Your issue might be related to callback url not being defined in the client’s settings. Could you try adding the [redirectUrl] ( configuration option in Lock, as well as adding it to the Allowed Callback URLs of your client?