Auth0 using old client id

Hi,

I have created 2 auth0 app within a domain. Docker is using one and have created another one to be used with kubernetes but for some reason instance running on kubernetes still refers to client id of docker running instance.

I don’t understand the reason for using different app when right app details are specified in env variables for kubernetes and are reflecting correctly at backend but on browser it still refers to old client id. Please assist finding the issue on this

{
“body”: {},
“qs”: {
“audience”: “https://mvp-stg-tenant.us.auth0.com/api/v2/”,
“scope”: “openid profile email read:current_user”,
“client_id”: “kqYrTflM2n2582yxG8cVTMykWpW4fB0a”,
“redirect_uri”: “https://stg.intra-airmatrix.ca”,
“response_type”: “code”,
“response_mode”: “query”,
“state”: “MjFKYWRmVldfbTF+QlRodXRLT29MaFRhbXdlYkxTY25pYnFucnFvRHlsbA==”,
“nonce”: “X1NfOTZaUC45UU0wV3hqOHVSUDJXfktTSHNwWGZ+VnVTaGdhVDI2R0ktcQ==”,
“code_challenge”: “VnYzN7K3PQhZq5IN_paWZYT9Yp-sHhP8qZyjmfO4c0E”,
“code_challenge_method”: “S256”,
“auth0Client”: “eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS45LjAifQ==”
},
“error”: {
“message”: “Callback URL mismatch. https://stg.intra-airmatrix.ca is not in the list of allowed callback URLs”,
“oauthError”: “Callback URL mismatch. https://stg.intra-airmatrix.ca is not in the list of allowed callback URLs. Please go to ‘https://manage.auth0.com/#/applications/kqYrTflM2n2582yxG8cVTMykWpW4fB0a/settings’ and make sure you are sending the same callback url from your application.”,
“payload”: {
“message”: “Callback URL mismatch. https://stg.intra-airmatrix.ca is not in the list of allowed callback URLs”,
“code”: “unauthorized_client”,
“status”: 403,
“name”: “CallbackMismatchError”,
“authorized”: [
https://gcs-dev.intra-airmatrix.ca/dashboard”,
https://gcs-dev.intra-airmatrix.ca/”,
https://dev-unnb-3ir.us.webtask.run/auth0-authentication-api-debugger”,
https://gcs-dev.intra-airmatrix.ca/register
],
“attempt”: “https://stg.intra-airmatrix.ca”,
“client”: {
“clientID”: “kqYrTflM2n2582yxG8cVTMykWpW4fB0a”
},
“log_url”: “https://manage.auth0.com/#/logs/
},
“type”: “callback-url-mismatch”
},
“session_id”: “uoM663QHlc6P34gWPER8aY-vJ_bLQZ_-”
}

It refers to wrong app . I created mvp-stg-kube but for some reason all new request goes to mvp-stg-app

Thanks
Devendra

Hi @devendra,

Whatever client ID is sent in the request should be the one used for the Allowed Callback URLs.

Make sure whatever environment variables you are using for the client ID in the request are successfully being added to the request.

Hey Dan,

Yes that’s what I was expecting however in kubernetes env and during docker image building I updated all the values for the new client. However when hitting the browser with new url it shows all the correct url’s expect for the client id that’s being referred to other app in the same domain. I am using that app for other url . I can share more details if needed. I shared the logs though which shows new and old url they are from 2 different apps. This is surprising for me. Not sure if that’s a bug I have hit or auth0 behavior is wrong

Thanks
Devendra

Is the client ID in the outgoing request the correct client ID?

Client id in .env file is right but on browser it is wrong.

https://mvp-stg-tenant.us.auth0.com/authorize?audience=https%3A%2F%2Fmvp-stg-tenant.us.auth0.com%2Fapi%2Fv2%2F&scope=openid%20profile%20email%20read%3Acurrent_user&client_id=kqYrTflM2n2582yxG8cVTMykWpW4fB0a&redirect_uri=https%3A%2F%2Fstg.intra-airmatrix.ca&response_type=code&response_mode=query&state=N1ZEflpLUFM1Z2Z3OTFTRU8xa0pOekdGMHlvM1dIZGtaZGxYWUhpcGVsXw%3D%3D&nonce=LmhEY1YxUFJQTHJOLkxlVXB2dGI3dkxmYUwzdkhBVDVHdlotZmROa1ZYcA%3D%3D&code_challenge=U3sroUp-MiMe1j5l2K4rUR5f64HsotonRjFBb2xeq3U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS45LjAifQ%3D%3D

https://mvp-stg-tenant.us.auth0.com/authorize?audience=https%3A%2F%2Fmvp-stg-tenant.us.auth0.com%2Fapi%2Fv2%2F&scope=openid%20profile%20email%20read%3Acurrent_user&client_id=kqYrTflM2n2582yxG8cVTMykWpW4fB0a&redirect_uri=https%3A%2F%2Fgcs-dev.intra-airmatrix.ca&response_type=code&response_mode=query&state=VmNmTm9ZNWRuNGtGVUMwaUxmVk9KUVcwbm5ucUxsd0YtV2tZLkNFd1R3dw%3D%3D&nonce=X3RUN0hoUXRyNEF4dDB1YU5MYjhnT2ZodEtuRVFjfjRQdXZRTFUtfmdoUQ%3D%3D&code_challenge=k5oh_s7zKKuTy7QQj5UcGOQtj4G7s-xacf5j4OJv2_A&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS45LjAifQ%3D%3D

There are 2 requests . one for the image running just in docker with url name starting “gcs-dev” and other one running on kubernetes with url starting “stg” both of them are suppose to user different app in the domain for auth0 . First one with gcs url works but hitting stg url refers to the client id of gcs url which is kind of surprising

Thanks
Devendra

Thanks for the added info. This is most likely a result of your configuration adding the wrong client ID somewhere.