Hi, apologies for my English in advance. I'm having problems with redirect URLs/callbacks when I'm trying to do silent auth with “this.lock.checkSession”. When I check Logs on my Auth Dashboard I see that the “redirect_uri” I send is incorrect and taken from the “current page url” of my application. I specify the redirect URL as a parameter inside this.lock.checkSession.
Note: it was working just fine, and suddenly stopped without me touching any setting/rewriting auth code.
Below I will show my implementation:
```javascript
silentAuth() {
  return new Promise((resolve, reject) => {
    this.lock.checkSession({ redirectUri: config.auth0Navigation.callback, responseType: 'token id_token' }, (err, authResult) => {
      if (err) {
        return reject(err);
      }
      this.setSession(authResult);
      return resolve();
    });
  });
}
```
Note: config.auth0Navigation.callback is equal to my Allowed Callback URLs, which are “http://localhost:3000/callback, https://www.myproductionurl.io/callback”
This is a log example:
```json
{
  "date": "2020-04-02T16:38:12.999Z",
  "type": "fsa",
  "description": "Callback URL mismatch. http://localhost:3000/ is not in the list of allowed callback URLs",
  "ip": "174.7.117.205",
  "user_agent": "Chrome 80.0.3987 / Mac OS X 10.14.6",
  "details": {
    "body": {},
    "qs": {
      "client_id": "correct-id-checked",
      "response_type": "token id_token",
      "redirect_uri": "http://localhost:3000/",
      "scope": "openid profile email",
      "connection": "google-oauth2",
      "state": "stateIdhidden",
      "nonce": "nonceHidden",
      "response_mode": "web_message",
      "prompt": "none",
      "auth0Client": "hidden"
    },
    "connection": null,
    "error": {
      "message": "Callback URL mismatch. http://localhost:3000/ is not in the list of allowed callback URLs",
      "oauthError": "Callback URL mismatch. http://localhost:3000/ is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/correct-id-checked/settings' and make sure you are sending the same callback url from your application.",
      "payload": {
        "message": "Callback URL mismatch. http://localhost:3000/ is not in the list of allowed callback URLs",
        "code": "unauthorized_client",
        "status": 403,
        "name": "CallbackMismatchError",
        "authorized": [
          "http://localhost:3000/callback",
          "https://www.myproductionurl.io/callback"
        ],
        "attempt": "http://localhost:3000/",
        "client": {
          "clientID": "correct-id-checked"
        },
        "log_url": "https://manage.auth0.com/#/logs/"
      },
      "type": "callback-url-mismatch"
    }
  },
  "hostname": "dev-o2y1hxt2.auth0.com",
  "auth0_client": {
    "name": "lock.js",
    "version": "11.14.1",
    "lib_version": {
      "raw": "9.10.1"
    }
  },
  "log_id": "90020200402163816923000479864784842441575632461862273154",
  "_id": "90020200402163816923000479864784842441575632461862273154",
  "isMobile": false
}
```
Thank you!
Hi @maksym.aws, welcome to the Auth0 community!
The value passed with the `redirectUri` parameter needs to be a single URI as a string. You can see details here.
Hi @kstrongholte, thank you for the response.
I think I didn’t explain correctly. In this code
`this.lock.checkSession({ redirectUri: config.auth0Navigation.callback, responseType: 'token id_token' },`
in the dev env, config.auth0Navigation.callback = “http://localhost:3000/callback”
in the prod env, config.auth0Navigation.callback = “https://www.myproductionurl.io/callback”
So it is a single string.
If you add `console.log(config.auth0Navigation.callback)` in your script before `this.lock.checkSession...`, what value do you see?
I see the correct value: “http://localhost:3000/callback”. But in Auth Logs it's the wrong value.
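
Added example, not part of the original thread and not Auth0 code: a small triage routine for `callback-url-mismatch` log entries like the one posted above, which compares the `attempt` value with the `authorized` list and reports whether the request carried a bare page origin, a different path on an allowed origin, or an origin with no allowed callback at all. The function name `triageCallbackMismatch`, the verdict labels, and the trimmed sample entry are assumptions made for illustration; matching is exact-string only and does not handle wildcard entries.

```javascript
// Constructed sample: the fields of the log entry posted in this thread
// that matter for triage (all other fields omitted).
const sampleEntry = {
  type: "fsa",
  details: {
    qs: { redirect_uri: "http://localhost:3000/", response_mode: "web_message", prompt: "none" },
    error: {
      type: "callback-url-mismatch",
      payload: {
        authorized: ["http://localhost:3000/callback", "https://www.myproductionurl.io/callback"],
        attempt: "http://localhost:3000/",
      },
    },
  },
};

// Parse a URL without throwing; returns null for malformed input.
function parseUrl(value) {
  try { return new URL(value); } catch (e) { return null; }
}

// Hypothetical helper (not an Auth0 API): classify one mismatch entry.
function triageCallbackMismatch(entry) {
  const err = entry && entry.details && entry.details.error;
  if (!err || err.type !== "callback-url-mismatch" || !err.payload) return null;
  const qs = entry.details.qs || {};
  const { attempt, authorized = [] } = err.payload;
  const attemptUrl = parseUrl(attempt);
  if (!attemptUrl) return { attempt, verdict: "unparseable" };
  // Allowed callbacks that share scheme, host and port with the attempt.
  const sameOriginCallbacks = authorized.filter((a) => {
    const u = parseUrl(a);
    return u !== null && u.origin === attemptUrl.origin;
  });
  const bareOrigin = attemptUrl.pathname === "/" && !attemptUrl.search && !attemptUrl.hash;
  let verdict;
  if (authorized.includes(attempt)) verdict = "listed";
  else if (sameOriginCallbacks.length && bareOrigin) verdict = "origin-sent-instead-of-callback";
  else if (sameOriginCallbacks.length) verdict = "same-origin-different-path";
  else verdict = "origin-not-allowed"; // no allowed callback on this origin: review the source
  return { attempt, verdict, sameOriginCallbacks, silentAuth: qs.prompt === "none" };
}

console.log(triageCallbackMismatch(sampleEntry));
```

For the entry in this thread the verdict is `origin-sent-instead-of-callback`, which points at the client request rather than the Allowed Callback URLs setting; an `origin-not-allowed` verdict is the one worth reviewing from a security standpoint.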