Cloudflare Workers Modifying "redirect_uri" Parameter

Overview

When configuring Cloudflare as the reverse proxy for a custom domain with self-managed certificates, the following error is returned:

The redirect_uri parameter is not valid: “https%3A%2F%2Fwww.example.com%2Flogin%2Fcallback” If url looks fine, check that you are not including non printable chars

The “redirect_uri” parameter appended to the ‘/authorize’ request was reviewed and confirmed to carry the correct value (e.g., https://www.example.com/login/callback).

Decoding the URL from the error message (“https%3A%2F%2Fwww.example.com%2Flogin%2Fcallback”) gives the redirect_uri value being sent, and that value is included in the list of Allowed Callback URLs.

This article details how this issue can be investigated further.

Applies To

  • Cloudflare
  • redirect_uri parameter
  • Error

Solution

The value of the “redirect_uri” parameter that reached Auth0 was not the same as the value seen in the network trace. Cloudflare was replacing or altering it before it reached the Auth0 server.

Check the configured Cloudflare Workers and disable all of them if possible. If the issue goes away, re-enable them one by one until the one causing the issue is found.
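The following added example (not code from this article or from Cloudflare or Auth0) shows one way a Worker that rebuilds the query string can produce the still-encoded value seen in the error message, and a helper that lists which parameters differ between the request as sent and as forwarded. It assumes the alteration is a second round of percent-encoding, which is inferred from the error text; the function names, the auth.example.com host and the client_id value are hypothetical placeholders.

```javascript
// Constructed sample: the /authorize request as seen in the browser network trace.
const SENT =
  "https://auth.example.com/authorize?client_id=PLACEHOLDER&response_type=code" +
  "&redirect_uri=https%3A%2F%2Fwww.example.com%2Flogin%2Fcallback";

// Hypothetical Worker logic with the defect: searchParams.get() already returns
// the decoded value, so encoding it by hand and then calling set() (which
// encodes again on serialization) percent-encodes the value twice.
function buggyRewrite(requestUrl) {
  const url = new URL(requestUrl);
  const value = url.searchParams.get("redirect_uri");
  url.searchParams.set("redirect_uri", encodeURIComponent(value));
  return url.toString();
}

// Corrected form: hand the decoded value to set() and let it encode exactly once.
function safeRewrite(requestUrl) {
  const url = new URL(requestUrl);
  const value = url.searchParams.get("redirect_uri");
  url.searchParams.set("redirect_uri", value);
  return url.toString();
}

// Diagnostic: decode each query parameter once, as the receiving server would,
// and report every parameter whose value differs between the two URLs.
function changedParams(sentUrl, forwardedUrl) {
  const sent = new URL(sentUrl).searchParams;
  const forwarded = new URL(forwardedUrl).searchParams;
  const names = new Set([...sent.keys(), ...forwarded.keys()]);
  const changes = [];
  for (const name of names) {
    if (sent.get(name) !== forwarded.get(name)) {
      changes.push({ name, sent: sent.get(name), received: forwarded.get(name) });
    }
  }
  return changes;
}

// Report what each variant would deliver to the authorization server.
for (const [label, rewrite] of [["buggy", buggyRewrite], ["safe", safeRewrite]]) {
  console.log(label, JSON.stringify(changedParams(SENT, rewrite(SENT))));
}
```

With the buggy variant, the server decodes the forwarded parameter once and is left with a percent-encoded string, which no longer matches any entry in Allowed Callback URLs.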