Changing GitHub Social Auth to Custom Domain, "Try Connection" fails with Oops invalid_request

I’m new to Auth0. I have a React SPA and I want to add Auth0 for a protected area. I created a Dev tenant and got Social Auth working, via the tutorial, with my own client ID, etc., with Google and GitHub.

Now I am trying to create a Prod tenant that will use a Custom Domain. First I got the Social providers working with the default tenant domain https://edpike365.us.auth0.com. Then I tried to migrate GitHub to the verified custom domain auth.edpike365.com.

I used the “Try Connection” in the Auth0 dashboard to avoid any env vars in my actual app not being correct. When I click it, I get an “Ooops, failed login, you may have pressed the back button, etc.” The Auth0 Log details show that there is a redirect_mismatch but do not say the wrong or expected values WHICH WOULD BE VERY HELPFUL. The URL is:

https://auth.edpike365.com/login/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=RNsHi9VOqd0VPm2t9xkw6gxly1k06Tty

The social settings are in GitHub > OAuth Apps > My Prod app. The only changes from the version that worked are:

The Auth0 Application page settings stayed the same:

  • Allowed Callback URLs: https://*.edpike365.com/callbacks/auth

On the GitHub settings page, I “revoked all user tokens” from before the change. Since the change, no logins have succeeded.

I also tried logging in via my website using a virgin user. It took me to the GitHub auth page, as expected, but then I got the oops message again. I tried again and it went straight to oops like my other dirty users.

In Chrome dev tools I cleared all application storage including 3rd party cookies, closed the tab, closed the browser, brought it back up and it still went straight to oops. The GitHub auth connection shows no user tokens, so I have no idea how it’s keeping state unless it’s some sort of device ID. The app is pure client side.

I have the Auth0 tenant advanced settings set to use Non-Persistent Session BTW but it does not help.

I’ve looked but cannot find docs on how the custom domain handles redirection to the target Auth0 instance in the CNAME. I’m expecting it to magically redirect to the actual app after authing but the clues seem to be that it’s redirecting to https://auth.edpike365.com, which does not exist.

I’m using the Universal Login widget hosted by Auth0, with cosmetic changes using the web GUI.

I’ve wasted 2 days and $25 for the custom domain plan. The docs all say “you will have to change some things when you move to custom domains” but don’t give clear instructions. The SPA getting started code is good, but the “next level” tutorial it mentioned at the end has not been done, apparently.

While I’m waiting for this, I’ll try to change the Google social auth over to the custom domain.
Thanks in Advance!

I fixed this by changing my custom domain value to the non-custom app route. I did not realize that the “verify custom domain” CNAME value was only for verification. After verification, you have to change it to the app route. The documentation for “Custom Domain” should note this just after the verification step. In general, the instructions are too “prosaic” and not “step by step”.
