Callback URL mismatch when changing the allowed callback URL of the application

stephanie.chamblee · March 23, 2021, 1:13pm

Welcome to the Community!

For Allowed Callback URLs, you cannot use something like a wildcard (e.g. http://localhost:4200/*), but instead the URL must be an exact match, including the relative path.

The suggested implementation is to pass a state param when requesting authentication and then refer to that in the /callback page to perform the redirect:

Store the following in localStorage: randomStateValue : the URL pathname.
Pass randomStateValue as the state parameter in the authentication request.
Check the state value in the callback, and retrieve the value for randomStateValue from localStorage.
Perform the redirect from within your application.

Documentation: Prevent Attacks and Redirect Users with OAuth 2.0 State Parameters

Related topics:

Topic		Replies	Views
The provided redirect_uri is not in the list of allowed callback URLs angular Help	1	4639	January 8, 2021
Call Back Mismatch Error Help lock , auth0 , redirecturi	5	3837	April 9, 2020
Callback URL mismatch even when callback is put in Help auth0 , api , login	2	1435	July 13, 2024
Redirect to a different page Help login-experience , new-universal-login-experience	2	1040	April 8, 2023
Redirect URI issue after successful login with @auth0/auth0-angular Help angular , login , redirect , redirecturi	4	24684	March 13, 2021