Callback URL uses http instead of https

Hey :wave:, I have added Auth0 to my MVC app. It works perfectly in DEVELOPMENT, but in PRODUCTION (DigitalOcean) I get a Callback URL mismatch error:

Log:

{
“date”: “2023-01-31T13:18:48.936Z”,
“type”: “f”,
“description”: “Callback URL mismatch. Give yourself a better website » MY DOMAIN is not in the list of allowed callback URLs”,
“connection_id”: “”,
“ip”: “2800:810:5a8:80c2:f000:aac2:2f68:4aeb”,
“user_agent”: “Chrome 109.0.0 / Windows 10.0.0”,
“details”: {
“body”: {},
“qs”: {
“client_id”: “vHcUKPl8hr4AbiAAEEP8jUhP3IZQaPQQ”,
“redirect_uri”: “Give yourself a better website » MY DOMAIN”,
“response_type”: “id_token”,
“scope”: “openid profile”,
“response_mode”: “form_post”,
“nonce”: “638107679286067585.OGZlNTI2OWQtNDlmMi00M2JjLWFhMTYtY2I0M2E5NTMyZjY1NTIxZTQ0NTUtMzU2ZS00MTYwLWJlNmQtOWU2ODMxYzUzY2E4”,
“auth0Client”: “eyJuYW1lIjoiYXNwbmV0Y29yZS1hdXRoZW50aWNhdGlvbiIsInZlcnNpb24iOiIxLjEuMCJ9”,
“state”: “CfDJ8HoRyNfl4AROnvm-SSYUBOAswwYmKypXEYaTkYtEzR9YRjFGsgATtG8ufYgKnz-5XdEtzSv3wzWwbAUCx08JUuxZJSX5gdTWSDG5dkAKJbE13DzFl9UWXcM0BpAz9EI2F8CnZ-wA0MUiQ2gZR_jT6irnzAyQDwQAw5SSIXbiekcWD6z0DU40tMkJEknSuWif89-CPniUu8QINMlJEYOotBwc-0DcMq6hGM7LE2sYIDtsvhexpFpVcOepSm8aaqy_OJXBINj4kah95ZvFi8Jh_Wf4m3m5XU4NOE0-k69OrZ9bN5rV7Jt6h_Q5K718iW1nsw”,
“x-client-SKU”: “ID_NET6_0”,
“x-client-ver”: “6.25.1.0”
},
“error”: {
“message”: “Callback URL mismatch. Give yourself a better website » MY DOMAIN is not in the list of allowed callback URLs”,
“oauthError”: “Callback URL mismatch. Give yourself a better website » MY DOMAIN is not in the list of allowed callback URLs. Please go to ‘https://manage.auth0.com/#/applications/vHcUKPl8hr4AbiAAEEP8jUhP3IZQaPQQ/settings’ and make sure you are sending the same callback url from your application.”,
“payload”: {
“message”: “Callback URL mismatch. Give yourself a better website » MY DOMAIN is not in the list of allowed callback URLs”,
“code”: “unauthorized_client”,
“status”: 403,
“name”: “CallbackMismatchError”,
“authorized”: [
Give yourself a better website » MY DOMAIN
],
“attempt”: “http://my-domain/callback”,
“client”: {
“clientID”: “vHcUKPl8hr4AbiAAEEP8jUhP3IZQaPQQ”
},
“log_url”: “https://manage.auth0.com/#/logs/
},
“type”: “callback-url-mismatch”
},
“session_id”: “gl9C4ZCBlTQNbYASgKew0mKPR6vmUwVh”
},
“hostname”: “dev-ggxof8bd75l4qzbi.us.auth0.com”,
“auth0_client”: {
“name”: “aspnetcore-authentication”,
“version”: “1.1.0”
},
“log_id”: “90020230131131851753889066341659355572805083499088314386”,
“_id”: “90020230131131851753889066341659355572805083499088314386”,
“isMobile”: false,
“id”: “90020230131131851753889066341659355572805083499088314386”
}

Auth0 config:

Program.cs:

using Auth0.AspNetCore.Authentication;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;
// Startup for the MVC app: chooses a database provider from the ENVIRONMENT variable,
// registers MVC and Auth0 login, then assembles the request pipeline.
var builder = WebApplication.CreateBuilder(args);

// Read once; the same flag selects the provider here and gates the migration step further down.
bool useDevelopmentDatabase = Environment.GetEnvironmentVariable("ENVIRONMENT") == "DEVELOPMENT";

// NOTE(review): the type argument of AddDbContext was lost in the page's rendering;
// FeatureFlagContext is assumed from the AddScoped registration that follows.
if (useDevelopmentDatabase)
{
    var inMemorySqlite = new SqliteConnection("Data Source=Shareable;Mode=Memory;Cache=Shared");
    builder.Services.AddDbContext<FeatureFlagContext>(options =>
        options.UseSqlite(inMemorySqlite).LogTo(Console.WriteLine, LogLevel.Information));
}
else
{
    // The connection string comes from the environment, not from source.
    var postgreSqlConnectionString =
        Environment.GetEnvironmentVariable("RELATIONAL_DATABASE_CONNECTION_STRING");
    builder.Services.AddDbContext<FeatureFlagContext>(options =>
        options.UseNpgsql(postgreSqlConnectionString));
}

// Both providers expose the context under the DbContext base type as well.
builder.Services.AddScoped<DbContext, FeatureFlagContext>();

builder.Services.AddControllersWithViews();

// Only Domain and ClientId are set. No callback URL is configured here, and the logged
// attempt ("http://my-domain/callback") shows the redirect_uri carrying the scheme the
// app saw on the incoming request.
builder.Services.AddAuth0WebAppAuthentication(options =>
{
    options.Domain = Environment.GetEnvironmentVariable("AUTH0_DOMAIN");
    options.ClientId = Environment.GetEnvironmentVariable("AUTH0_CLIENT_ID");
});

var app = builder.Build();

// app.Environment is the ASP.NET Core hosting environment, a separate switch from the
// ENVIRONMENT variable used for the database choice above.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Home/Error");
    // HSTS uses the framework default of 30 days; consider a longer max-age for production.
    // The header is only emitted on requests the app itself sees as HTTPS.
    app.UseHsts();
}

// Apply migrations at startup, development database only.
using (var scope = app.Services.CreateScope())
{
    if (useDevelopmentDatabase)
    {
        // NOTE(review): the type argument of GetRequiredService was lost in the page's
        // rendering; DbContext is assumed from the variable's declared type.
        DbContext context = scope.ServiceProvider.GetRequiredService<DbContext>();
        context.Database.Migrate();
    }
}

// NOTE(review): nothing in this pipeline reads X-Forwarded-Proto. If TLS is terminated by a
// proxy in front of the app, every request arrives here as plain http, and the middleware
// below (HTTPS redirection, authentication) works from that scheme.
// Order matters: authentication must precede authorization.
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();

app.MapControllerRoute(name: "default", pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();

// Makes the implicit Program class referenceable from other assemblies
// (presumably for integration tests - confirm).
public partial class Program { }

Thank you in advance.

Hi @maury,

Thanks for reaching out to the Auth0 Community!

I have just investigated your tenant logs and found that there was indeed a Callback URL mismatch error.

From the logs, I found that the login request was passing in a different URL for the redirect_uri than the one expected in the Callback URL.

Given that, I recommend checking your /authorize request, specifically the redirect_uri query parameter, to make sure the URL points to the URL specified in your Allowed Callback URLs of your Application’s settings.

I hope this helps!

Please let me know if you have any additional questions.

Thanks,
Rueben

Hey @rueben.tiow :wave:,

Thanks for replying to my thread.

Could you explain this to me like I’m five?:

Given that, I recommend checking your /authorize request, specifically the redirect_uri query parameter, to make sure the URL points to the URL specified in your Allowed Callback URLs of your Application’s settings.

I didn’t fully understand what I have to do. Where do I check my /authorize request? The redirect_uri shows that the URL is being sent with HTTP:


image

But in my Allowed Callback URLs I have it with HTTPS:

image

Hi @maury,

Thank you for your reply.

Essentially, you will need both the redirect_uri and Callback URL to match.

For this case, you can add the http URL to your Allowed Callback URLs list and give the login another try. It should fix the issue.

Please let me know how this goes for you.

Thanks,
Rueben

I had to add this to my Program.cs to make it work:

// Restores the original request scheme from the proxy's X-Forwarded-Proto header, so the app
// sees https and sends an https redirect_uri that matches the existing Allowed Callback URLs
// entry. With this in place no http:// callback has to be allow-listed; that matters here
// because the login uses response_mode=form_post, i.e. the ID token is posted to the callback.
//
// Register this ahead of UseHttpsRedirection() and UseAuthentication() so they act on the
// corrected scheme.
//
// The middleware honours the header only from addresses in KnownProxies / KnownNetworks
// (loopback by default). If the proxy is elsewhere, add its real addresses to those lists
// instead of clearing them: a client that can reach the app directly could otherwise set
// X-Forwarded-Proto itself.
var forwardedHeadersOptions = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedProto,
};
app.UseForwardedHeaders(forwardedHeadersOptions);

Thank you for your time.
