Callback mismatch and wrong redirect_uri

Hi all, I am looking for some help.

I use Auth0 for my login in a next js app. I have my custom domain with vercel, the vercel.app address and local host setup as callbacks:

customdomain/api/auth/callback,
vercel.app domain/api/auth/callback.
http://localhost:3000/api/auth/callback

I have a problem with some clients that have strong ssl firewalls. As they try to log in, they get an error: ERR_SSL_PROTOCOL_ERROR for vercel.app domain

This is strange tho cause they are accessing from customdomain

They seem to be redirected to the vercel.app domain callback (which should not happen, as they are accessing from the customdomain).

I tried a few things.

I deleted the vercel.app domain address and taken out the call back. I get an error from auth0 that there is a callback mismatch, it still looks for the vercel.app domain. The local host still works fine. It looks like when logging in with the customdomain it redirects to the vercel.app domain domain and then back to the customdomain , it pick the wrong callback, even if it doesn’t I delete the vercel.app domain.

I deleted the vercel.app domain/api/auth/callback and got callback mismatch.
I noticed that when I get the callback mismatch, there is this param inside the the url:
code&redirect_uri=https%3A%2F%2F vercel.app domain %2Fapi%2Fauth%2F
which does not makes sense as that domain supposingly does not exist anymore

Thank you for your help!

Hi @yourmindup,

Welcome to the Auth0 Community!

Your app’s redirect_uri seems to be pointing to the wrong callback URL. Please ensure that your app’s redirect_uri points to the correct URL that you have specified in the Allowed Callback URLs list.

I also recommend checking your network activity when logging in to verify that you are passing in the correct redirect_uri value.

Ultimately, for successful authentication, the redirect_uri in your request needs to exactly match the one in the Allowed Callback URLs list.

Thanks,
Rueben

Hi Rueben, Thank you, sounds great! with the nextJs sdk, would something like this do the job?:

handleAuth({
  callback: handleCallback({
    redirect_uri: `${window.location.origin}/api/auth/callback`
  })
})

or should I set anvironment variable AUTH0_CALLBACK (which would be trickier as I use multiple domains)

1 Like

Hi @yourmindup,

Yes, your code snippet will do the job in redirecting your user to your callback URL. :+1:

This is a valid approach, considering you have multiple domains.

Thanks,
Rueben

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.