Authorization code flow with callback URL: redirect to "/" after a successful login

  • Which SDK this is regarding: auth0-angular

  • SDK Version: 1.3.1

  • Platform Version:
    *@angular/common: 11.0.5 *
    *@angular/core: 11.0.5 *
    @angular/platform-browser: 11.0.5

  • Code Snippets/Error Messages/Supporting Details/Screenshots:
    The authorization code flow ends successfully, I got the tokens (id + authorization) as expected, but at the end of the flow the Angular router redirect me to β€œ/”. Following details.

After the login on auth0 my browser is redirected to the expected url (the one I configured in the β€œcallback url” in the app setup page on with code and state as query string parameters.
After that I see in the network tab the /oauth/token POST and a http 200 response from auth0 with the tokens in the response body (I tried the tokens with postman challenging my api and they work great).
Few instants later I see the content of my router-outlet changing from the route of the callback url to the route β€œ/”.

I included the sourceMaps of auth0 in my build and I found the code lines where the router points to β€œ/”:

  private handleRedirectCallback(): Observable<RedirectLoginResult> {
    return defer(() => this.auth0Client.handleRedirectCallback()).pipe(
      tap((result) => {
        const target = result?.appState?.target ?? '/';

In my case appState is undefined.
Going deeper the appState is a property of the transaction object and looking at the creation of the object:

  nonce: nonceIn,
  scope: params.scope,
  audience: params.audience || 'default',
  redirect_uri: params.redirect_uri,
  ...(organizationId && { organizationId })

I can say that the appState is undefined during the creation of the transaction.

Following the return value of the function handleRedirectCallback:

return {
  appState: transaction.appState

that in my case is always undefined.

Configuration details on auth0:

Following the configuration in my app.module:

  domain: environment.auth.issuer,
  clientId: environment.auth.clientId,
  audience: environment.auth.audience,
  redirectUri: 'http://localhost:4200/login/callback',
  errorPath: 'http://localhost:4200/login/callback',
  scope: openid profile email offline_access,
  useRefreshTokens: true,
  httpInterceptor: {
    allowedList: [
        uri: environment.api.endpoints.base + '/*',
        tokenOptions: {
          audience: environment.auth.audience,

Can someone help me?
If you need any further details please feel free to ask.

Thank you.

I found a closed issue about the problem I’m facing and I put there a comment:

1 Like

Thanks for reporting that! As I saw you mentioned the repo maintainer there so there should work on that soon!