Auth0 Home Blog Docs

Change /authorize url

url
custom-url

#1

In my app I use both Auth0 and other service for authorization (changes depending on configuration set on startup). Library that handles this process has hard-coded part of url ‘/oauth2/authorize’.

It worked yesterday. It seems broken today for auth0 (still works for second service).

Apparently Auth0 no longer supports this URL as an endpoint. I have to manually remove ‘oauth2/’ part so it points to ‘/authorize’ to make it work.

Can I go back to the behavior from yesterday and configure my client to accept the endpoint with ‘oauth2/’ fragment?


#2

To my knowledge and based on all the documentation that I’m aware the URL of the authorization endpoint is https://[your_domain].auth0.com/authorize so your statement of it worked yesterday raises some questions from my side. In particular, did it work in the sense that you completed an authentication or it worked in the sense it did not result in a 404. Nonetheless, this is more for curiosity than anything because like mentioned before you should be using just /authorize.

There is nothing in the OAuth 2.0 specification that mandates a specific path for the authorization endpoint so the library in question should not be making that assumption in the first place as it means that it will not be interoperable with a lot of authorization servers that provide the endpoint at a different location.

In conclusion, if the library does not allow to configure the path of the authorization endpoint you should raise this as an issue with the library authors and meanwhile consider the use of a different library.


#3

Thanks for the answer!

It worked in sense it returned correct jwt token, that application could positively validate.

That’s what I feared. I’ve already provided workaround for this issue. I just hoped it could be configurable from auth0 side.


#4

Thanks for the answer!

It worked in sense it returned correct jwt token, that application could positively validate.

That’s what I feared. I’ve already provided workaround for this issue. I just hoped it could be configurable from auth0 side.


#5