Callback mismatch and wrong redirect_uri

yourmindup · October 16, 2024, 2:34pm

Hi all, I am looking for some help.

I use Auth0 for my login in a next js app. I have my custom domain with vercel, the vercel.app address and local host setup as callbacks:

customdomain/api/auth/callback,
vercel.app domain/api/auth/callback.
http://localhost:3000/api/auth/callback

I have a problem with some clients that have strong ssl firewalls. As they try to log in, they get an error: ERR_SSL_PROTOCOL_ERROR for vercel.app domain

This is strange tho cause they are accessing from customdomain

They seem to be redirected to the vercel.app domain callback (which should not happen, as they are accessing from the customdomain).

I tried a few things.

I deleted the vercel.app domain address and taken out the call back. I get an error from auth0 that there is a callback mismatch, it still looks for the vercel.app domain. The local host still works fine. It looks like when logging in with the customdomain it redirects to the vercel.app domain domain and then back to the customdomain , it pick the wrong callback, even if it doesn’t I delete the vercel.app domain.

I deleted the vercel.app domain/api/auth/callback and got callback mismatch.
I noticed that when I get the callback mismatch, there is this param inside the the url:
code&redirect_uri=https%3A%2F%2F vercel.app domain %2Fapi%2Fauth%2F
which does not makes sense as that domain supposingly does not exist anymore

Thank you for your help!

rueben.tiow · October 17, 2024, 5:44pm

Hi @yourmindup,

Welcome to the Auth0 Community!

Your app’s redirect_uri seems to be pointing to the wrong callback URL. Please ensure that your app’s redirect_uri points to the correct URL that you have specified in the Allowed Callback URLs list.

I also recommend checking your network activity when logging in to verify that you are passing in the correct redirect_uri value.

Ultimately, for successful authentication, the redirect_uri in your request needs to exactly match the one in the Allowed Callback URLs list.

Thanks,
Rueben

yourmindup · October 18, 2024, 9:58am

Hi Rueben, Thank you, sounds great! with the nextJs sdk, would something like this do the job?:

handleAuth({
  callback: handleCallback({
    redirect_uri: `${window.location.origin}/api/auth/callback`
  })
})

or should I set anvironment variable AUTH0_CALLBACK (which would be trickier as I use multiple domains)

rueben.tiow · October 18, 2024, 4:48pm

Hi @yourmindup,

Yes, your code snippet will do the job in redirecting your user to your callback URL.

This is a valid approach, considering you have multiple domains.

Thanks,
Rueben

system · November 1, 2024, 4:49pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Callback URL mismatch. The provided redirect_uri is not in the list of allowed callback URLs Help nextjs	2	3440	October 6, 2022
Error with auth0 vercel next.js login Help classic-universal-login-experience , login-experience	6	2397	July 31, 2024
How to Deploy a Next.js App Secured By Auth0 to Vercel Developer Hub authentication , nextjs , vercel	12	2440	October 23, 2024
Callback URL mismatch when deploying on EC2 Help login-experience , new-universal-login-experience	2	29	August 22, 2024
Integrating Auth0 with NextJS (Not working) Help configuration , application	2	896	January 30, 2024

Callback mismatch and wrong redirect_uri

Related Topics