Callback URL mismatch http and https. “is not in the list of allowed callback URLs”

Hi there!

I have a Blazor Server app which I’ve deployed to Heroku via Docker. This is my app’s url https://my-app.herokuapp.com. In Allowed Callback URLs in my Auth0 app settings I have this callback url: https://my-app.herokuapp.com/callback. But when I try to login I get this error message: “Callback URL mismatch. http://my-app.herokuapp.com/callback is not in the list of allowed callback URLs”. So I don’t understand why actual url has http, not https and how to fix this issue.
Auth0

Will be grateful for any help.

Hi fandorine.
Have you configured the custom domain for your App? Just double check, I believe that it’ve done already.
As far as I know, the callback Url is “https://[your custom domain]/auth0/callback” normally. The callback URL is pre-programmed in the integration package that Auth0 guides us, you can refer to Application > Quick Start (pick the technology you are using).
Follow up the Auth0 guide, it works well in my side, even with the localhost environment (pay attention on the pattern of callback URL)
In case you have the optimization callback URL, you should have the implementation in your end.

1 Like

Thanks for answer @mj.phong. First of all I don’t have access to set custom domain for my Auth0 app and I don’t get how it can help me with this problem. Secondly, it works perfectly fine with localhost (you can see localhost callback in the image above. I have no idea why I get HTTP protocol callback when my app on Heroku has HTTPS protocol.

If I’m not mistaked, the problem was with url redirect process in Blazor, not Auth0 or Heroku. Here is the link asp.net core - How to set redirect_uri protocol to HTTPS in Azure Web Apps - Stack Overflow, which has solution for my case.

2 Likes