Auth0 using old client id

devendra · April 7, 2022, 3:56pm

Hi,

I have created 2 auth0 app within a domain. Docker is using one and have created another one to be used with kubernetes but for some reason instance running on kubernetes still refers to client id of docker running instance.

I don’t understand the reason for using different app when right app details are specified in env variables for kubernetes and are reflecting correctly at backend but on browser it still refers to old client id. Please assist finding the issue on this

{
“body”: {},
“qs”: {
“audience”: “https://mvp-stg-tenant.us.auth0.com/api/v2/”,
“scope”: “openid profile email read:current_user”,
“client_id”: “kqYrTflM2n2582yxG8cVTMykWpW4fB0a”,
“redirect_uri”: “https://stg.intra-airmatrix.ca”,
“response_type”: “code”,
“response_mode”: “query”,
“state”: “MjFKYWRmVldfbTF+QlRodXRLT29MaFRhbXdlYkxTY25pYnFucnFvRHlsbA==”,
“nonce”: “X1NfOTZaUC45UU0wV3hqOHVSUDJXfktTSHNwWGZ+VnVTaGdhVDI2R0ktcQ==”,
“code_challenge”: “VnYzN7K3PQhZq5IN_paWZYT9Yp-sHhP8qZyjmfO4c0E”,
“code_challenge_method”: “S256”,
“auth0Client”: “eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS45LjAifQ==”
},
“error”: {
“message”: “Callback URL mismatch. https://stg.intra-airmatrix.ca is not in the list of allowed callback URLs”,
“oauthError”: “Callback URL mismatch. https://stg.intra-airmatrix.ca is not in the list of allowed callback URLs. Please go to ‘https://manage.auth0.com/#/applications/kqYrTflM2n2582yxG8cVTMykWpW4fB0a/settings’ and make sure you are sending the same callback url from your application.”,
“payload”: {
“message”: “Callback URL mismatch. https://stg.intra-airmatrix.ca is not in the list of allowed callback URLs”,
“code”: “unauthorized_client”,
“status”: 403,
“name”: “CallbackMismatchError”,
“authorized”: [
“https://gcs-dev.intra-airmatrix.ca/dashboard”,
“https://gcs-dev.intra-airmatrix.ca/”,
“https://dev-unnb-3ir.us.webtask.run/auth0-authentication-api-debugger”,
“https://gcs-dev.intra-airmatrix.ca/register”
],
“attempt”: “https://stg.intra-airmatrix.ca”,
“client”: {
“clientID”: “kqYrTflM2n2582yxG8cVTMykWpW4fB0a”
},
“log_url”: “https://manage.auth0.com/#/logs/”
},
“type”: “callback-url-mismatch”
},
“session_id”: “uoM663QHlc6P34gWPER8aY-vJ_bLQZ_-”
}

It refers to wrong app . I created mvp-stg-kube but for some reason all new request goes to mvp-stg-app

Thanks
Devendra

dan.woda · April 7, 2022, 6:07pm

Hi @devendra,

Whatever client ID is sent in the request should be the one used for the Allowed Callback URLs.

Make sure whatever environment variables you are using for the client ID in the request are successfully being added to the request.

devendra · April 7, 2022, 6:56pm

Hey Dan,

Yes that’s what I was expecting however in kubernetes env and during docker image building I updated all the values for the new client. However when hitting the browser with new url it shows all the correct url’s expect for the client id that’s being referred to other app in the same domain. I am using that app for other url . I can share more details if needed. I shared the logs though which shows new and old url they are from 2 different apps. This is surprising for me. Not sure if that’s a bug I have hit or auth0 behavior is wrong

Thanks
Devendra

dan.woda · April 7, 2022, 7:12pm

Is the client ID in the outgoing request the correct client ID?

devendra · April 7, 2022, 7:19pm

Client id in .env file is right but on browser it is wrong.

https://mvp-stg-tenant.us.auth0.com/authorize?audience=https%3A%2F%2Fmvp-stg-tenant.us.auth0.com%2Fapi%2Fv2%2F&scope=openid%20profile%20email%20read%3Acurrent_user&client_id=kqYrTflM2n2582yxG8cVTMykWpW4fB0a&redirect_uri=https%3A%2F%2Fstg.intra-airmatrix.ca&response_type=code&response_mode=query&state=N1ZEflpLUFM1Z2Z3OTFTRU8xa0pOekdGMHlvM1dIZGtaZGxYWUhpcGVsXw%3D%3D&nonce=LmhEY1YxUFJQTHJOLkxlVXB2dGI3dkxmYUwzdkhBVDVHdlotZmROa1ZYcA%3D%3D&code_challenge=U3sroUp-MiMe1j5l2K4rUR5f64HsotonRjFBb2xeq3U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS45LjAifQ%3D%3D

https://mvp-stg-tenant.us.auth0.com/authorize?audience=https%3A%2F%2Fmvp-stg-tenant.us.auth0.com%2Fapi%2Fv2%2F&scope=openid%20profile%20email%20read%3Acurrent_user&client_id=kqYrTflM2n2582yxG8cVTMykWpW4fB0a&redirect_uri=https%3A%2F%2Fgcs-dev.intra-airmatrix.ca&response_type=code&response_mode=query&state=VmNmTm9ZNWRuNGtGVUMwaUxmVk9KUVcwbm5ucUxsd0YtV2tZLkNFd1R3dw%3D%3D&nonce=X3RUN0hoUXRyNEF4dDB1YU5MYjhnT2ZodEtuRVFjfjRQdXZRTFUtfmdoUQ%3D%3D&code_challenge=k5oh_s7zKKuTy7QQj5UcGOQtj4G7s-xacf5j4OJv2_A&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS45LjAifQ%3D%3D

There are 2 requests . one for the image running just in docker with url name starting “gcs-dev” and other one running on kubernetes with url starting “stg” both of them are suppose to user different app in the domain for auth0 . First one with gcs url works but hitting stg url refers to the client id of gcs url which is kind of surprising

Thanks
Devendra

dan.woda · April 7, 2022, 7:34pm

Thanks for the added info. This is most likely a result of your configuration adding the wrong client ID somewhere.

Topic		Replies	Views
JupyterHub Login Issue Help	3	3054	October 22, 2019
I have an unknown strange client ID making api request to my auth0 domain and audience Help user-profile , user-management	2	1094	April 10, 2023
Auth0 - Laravel connection Help configuration , application	3	250	September 26, 2024
Application showing a duplicated client_id and client_secret after copying tenant with auth0-deploy-cli Help extensions , auth0-deploy-cli	2	1602	November 9, 2022
What version of Auth0 are we currently running? Help configuration , application	1	729	October 6, 2023

Auth0 using old client id

Related Topics