The Callback from Auth0 after Sign-up is not working. I put the standard Callback and Logout URLs into the Settings as recommended in the demo app. Instead of Auth0 calling my /callback function or my localhost:3000 route… it seems to be calling the same Node JS Express route that called it. More specifically, I have a route in my Node Express application called /register Within /register it calls the Auth0 login function with screen_hint: ‘signup’. This works fine, but after signing up, Auth0 calls my /register route in an infinite loop. It doesn’t call localhost:3000/callback (which I implemented) nor does it redirect to localhost:3000 like it does after login or logout. Any ideas?
Hi @jonpawelko,
Thanks for reaching out to the Auth0 Community!
I understand that your callback URL is not being called after a user goes through the sign-up flow.
First, could you clarify whether the login flow redirects the user to the correct callback URL?
And, could you please clarify if you downloaded the sample app and followed the steps from our docs here?
If you have done so, it should auto-populate the environment variables with the details from your application and you’ll only need to put the Allowed Callback URLs and Allowed Logout URLs in your application settings on the dashboard.
Lastly, you may find this example relevant in redirecting users to the callback URL.
Looking forward to your reply.
Thank you.
Hi Rueben! Thanks for the message. I have included my answers and some snippets below… Thanks!
I did follow the sample app and the steps you listed. I do have my allowed callback url set to http://localhost:3000/callback in my Auth0 account as shown in the sample. However, that callback function in my application never gets called. I looked at your sample as well and it looks like I’m following it as close as possible. I’m not using Passport, just Auth0. I think just about everything else works in my app including login and logout. Only the redirect from sign-up isn’t working.
I have the 2 code snippets in question pasted below. I first have a /register route in my application that gets called. That function then redirects the user to login with screen_hit set to signup. This works fine, I get routed to Auth0 where I successfully sign up. I can see the new user added to Auth0 fine. It looks like the callback function I pasted below should get called, but instead, my /register route gets called again in an infinite loop. I have pasted my Node JS window text at the bottom below showing how the output looks. The browser just hangs.
// ----------------------------------------------
// This register function first gets called
router.get(‘/register’, function(req, res, next) {
console.log(“Before register”);
res.oidc.login({
authorizationParams: {
screen_hint: ‘signup’,
},
});
console.log(“After register”);
});
// ----------------------------------------------------------
// Callback – this never gets called
router.get(‘/callback’, function(req, res, next) {
console.log(“Callback called!”);
if (req.oidc.isAuthenticated())
console.log("Email is " + req.oidc.user.email);
else {
console.log(“Not authenticated”);
}
res.render(‘index’, { title: ‘Express’ });
});
// ------------------------------------------------
Here is my Node JS cmd window output after I make the Register call, but before the callback is attempted:
C:\Users\jonpa\Documents\Software Engineering\Projects\Assassin 2022\Assassin Version 03>npm start
> assassinv01@0.0.0 start C:\Users\jonpa\Documents\Software Engineering\Projects\Assassin 2022\Assassin Version 03
> node ./bin/www
Using ‘form_post’ for response_mode may cause issues for you logging in over http, see express-openid-connect/FAQ.md at master · auth0/express-openid-connect · GitHub
Connected…!
GET /assassin/ 200 18.348 ms - 1259
Before register
After register
GET /register 302 351.482 ms - 752
Here is my Node JS cmd window after I finish signing up on Auth0:
C:\Users\jonpa\Documents\Software Engineering\Projects\Assassin 2022\Assassin Version 03>npm start
> assassinv01@0.0.0 start C:\Users\jonpa\Documents\Software Engineering\Projects\Assassin 2022\Assassin Version 03
> node ./bin/www
Using ‘form_post’ for response_mode may cause issues for you logging in over http, see express-openid-connect/FAQ.md at master · auth0/express-openid-connect · GitHub
Connected…!
GET /assassin/ 200 18.348 ms - 1259
Before register
After register
GET /register 302 351.482 ms - 752
Before register
After register
GET /register 302 10.421 ms - 752
Before register
After register
GET /register 302 9.281 ms - 752
Before register
After register
GET /register 302 5.391 ms - 752
Before register
After register
GET /register 302 7.049 ms - 752
Before register
After register
GET /register 302 5.324 ms - 752
Before register
After register
GET /register 302 7.294 ms - 752
Before register
After register
GET /register 302 5.509 ms - 752
Terminate batch job (Y/N)?
Hi Rueben. Good news! I think I figured out my issue.
I finally stumbled upon the login option properties defined on this express-openid-connect doc page: https://auth0.github.io/express-openid-connect/interfaces/loginoptions.html#returnto
It appears I need to set the returnTo string when I call the res.oidc.login function. The documentation states that if I don’t set this, the URL to return to after login defaults to {@link Request.originalUrl}
That explains why my original calling URL keeps getting called in an infinite loop.
2 follow-up questions…
- Is there a reason the Auth0 tutorial leaves out the returnTo parameter? Is my Application supposed to work without it like the Tutorial?
- I still don’t understand why/how this is now working. I now have the returnTo set to /callback, same as I have set in my Auth0 Settings. Whether I login or register, I always return to my http://localhost:3000/ route. I tried implementing the /callback function, but it never gets called. Is /callback a special route like /login or /logout that is already implemented under the covers? Why should I keep using /callback when I could just specify / or the actual route I want to end up at?
Updated code snippet:
res.oidc.login({
returnTo: ‘/callback’,
authorizationParams: {
screen_hint: ‘signup’
},
});
Thanks!
Jon
1 Like
Hi @jonpawelko,
Thank you for your responses.
Great catch on the redirectTo property! I’m happy to hear that you’ve addressed your infinite sign-up flow issue.
The returnTo parameter is optional. By default, downloading and using the Auth0 Express SDK quickstart will work OOTB. However, in your case of the sign-up loop, you needed to specify the returnTo property.
Yes, under the hood, it takes the redirect_uri value and validates it against the callback URL in your application settings.
When initiating the login flow, the redirect_uri request parameter is used as the callback URL. This is where your app receives and processes the response from Auth0 and redirects users to the callback URL after a successful login. Please take a look at our OAuth 2.0 Authorization Framework documentation that goes into details on how the redirect_uri works.
I hope this answers your questions!
Please let me know if there’s anything else I can do to help.
Thank you.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.