I have an ASP.NET MVC application which is using Auth0 and hosted Lock v11. Right now I’m having an issue with the redirects once a user authenticates with Lock. No matter what I do, the callbackURL is always
http://localhost:53474/signin-auth0
I would like to pass a the return URL from my application to Lock, but I can’t figure out how to set it. Here are some of the relevant snippets from my application.
From my OnAuthorization method:
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { “action”, “Login” },
{ “controller”, “Account” },
{ “returnUrl”, filterContext.HttpContext.Request.Url}
});
From my account controller:
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
return new ChallengeResult(“Auth0”, returnUrl ?? Url.Action(“Index”, “Home”));
}
And here is the @@config@@ JSON object that I receive in my Lock hosted page:
{
“assetsUrl”: “”,
“auth0Domain”: “.auth0.com”,
“auth0Tenant”: “”,
“clientConfigurationBaseUrl”: “strippedforlinklimit”,
“callbackOnLocationHash”: false,
“callbackURL”: “http://localhost:53474/signin-auth0”,
“cdn”: “strippedforlinklimit”,
“clientID”: “myclientid”,
“connection”: “”,
“dict”: {
“signin”: {
“title”: “My App”
}
},
“extraParams”: {
“protocol”: “oauth2”,
“response_type”: “code”,
“scope”: “openid profile”,
“audience”: “strippedforlinklimit”,
“_csrf”: “csrftoken”,
“_intstate”: “deprecated”,
“state”: “thestate”
},
“internalOptions”: {
“protocol”: “oauth2”,
“response_type”: “code”,
“scope”: “openid profile”,
“audience”: “strippedforlinklimit”,
“_csrf”: “csrftoken”,
“_intstate”: “deprecated”,
“state”: “thestate”
},
“widgetUrl”: “strippedforlinklimit”,
“isThirdPartyClient”: false,
“authorizationServer”: {
“url”: “strippedforlinklimit”,
“issuer”: “strippedforlinklimit”
}
}
And part of my hosted page:
auth: {
redirectUrl: config.callbackURL,