'config.callbackURL' on Universal Login Preview returns '{YOUR_APP_CALLBACK_URL}' when trying to use Custom Domain

I have two tenants set up - one for Dev and one for Production. Both have worked for a few years using Embedded Lock. We are moving to Universal Login and have always had our Callback URLS whitelisted in our settings properly - they work with currently.

On the Dev side, our login works perfectly fine - we are not using a custom domain there, but rather the default Auth0 urls. On the Dev tenant, config.callbackURL returns as expected and the auth flow goes through.

On our Production tenant, we have a Custom Domain and the config.callbackURL returns ‘{YOUR_APP_CALLBACK_URL}’ so the auth fails.

Not sure what would be causing this - we’re using the exact same Lock code in both tenants, the only difference is the tenant (and associated whitelisted callback URLS) and the Custom Domain.

Here is our lock code:



Just figured this out - and this is poor implementation in my opinion.

Our Production tenant had 3 applications (web, API, machine to machine). Only Web was used. The Preview just uses the first one in the list which was not configured completely. Deleting the unused applications forces the Preview to use the first (active) application available.

There really should be a way to select which application to Preview Universal Login on. That would have saved me hours.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.