When using user/password, everything works flawlessly.
1. User authenticates
2. Redirect rule confirmed to be running and redirecting to legal consent page
3. User agrees with legal terms and hits the /continue endpoint, including state parameter
4. Redirect rule confirmed to be running and storing consent opt in to database
5. Callback is happening and user is logged in
When using a social login provider to authenticate, steps 1-3 happen as well, including the state parameter being attached to the /continue URL parameters. Unfortunately, though, step 4 fails, as the rule is not running (I have a console.log on line 1 to confirm) and /code?state=xxx returns Unauthorized instead.
Any idea what I’m potentially doing wrong here? There’s nothing in the logs when step 4 fails… nothing on the global logs, nor on the rule logs.
That’s indeed the case. I was already wondering if that could cause trouble here, but wouldn’t know how/why. I only get a warning logged because of that, but no errors. I wanted to put in my own credentials soon anyway, but would still be curious to understand why this is causing problems here, if you can share.
It’s mostly caused by the different domains involved (your Auth0 domain and a special domain, login.auth0.com, used as the recipient for all the dev keys callbacks) and the inability to share sessions. You can find a more complete explanation of what doesn’t work and why at Test Social Connections with Auth0 Developer Keys.
Dev keys make it easier to get the “A-ha!” moment, but unfortunately have some issues associated with them.