Creating or Updating Clients - Callbacks Not Recognised As Being Valid Without clicking Save in UI

I am using the API to Create or Update an application with callbacks. I try to authenticate for my product and I get this is not a valid callback notification so I go into the application UI to confirm if the failed url is in the list of callbacks. I see it there so I just press save changing nothing. I try to authenticate again for my product and this time it works, no invalid call back issue. Is there a cache or something that I need to flush after setting up applications using the API that would do the equivalent of the save button in the UI?

Hi @sarah.webb,

Welcome to the Auth0 Community!

I understand that you encountered the "Callback URL mismatch. The URL is not in the list of allowed callback URLs” error.

There are some parts of the Auth0 dashboard test UI that caches data and take a few moments to update and reflect your new changes. However, if you test by calling the /authorize endpoint, you should always get the most up-to-date changes.

Generally, if you encounter this error, we recommend clicking the See Details for this error link to expand the error message and the callback URL that it recommends you include in the list of Callback URLs on your application settings.

After you have included it in your list of Callback URLs, you will be able to log into your application and complete the login flow.

I hope this helps!

Please let me know if you have any further questions.

Thank you.

Thank you for your reply. Via my product I do call the authorise endpoint however the unrecognised call backurls mismatch, seem to be indefinate unless I click that Save button in the UI, ie more than an hour. If I “view log” as you suggest I see the authorised call backs and the requsted callback and they match exactly but it is reported as invalid. I did an experiment using the Client endpoint to retrieve the application data before pressing the save button in the UI and after pressing the save button in the UI and using Beyond Compare confirmed that the output was exactly the same. I think theres something else going on but Im not sure what

1 Like

Hi @sarah.webb,

Thank you for your response and clarification.

This is an interesting behavior I have not yet encountered. Could you please confirm if your redirect_uri in your /authorize call is in the list of Callback URLs?

And just so I understand correctly, when making a request to the Management API’s Get a client endpoint before and after making a change, the response was the same. Is that right?

In this case, are you able to see if the behavior is consistent when using the Management API to update the application, and then using the Auth0 Dashboard > Applications > Applications > YOUR_APP to see if the changes made are reflected immediately on the dashboard?

Lastly, could you please DM your tenant to me? I would like to investigate this issue further.

I am looking forward to your reply.

Thank you!

Hi, thank you Rueben,
I can confirm that the redirect uri is in my list of callbacks, pasted them both into notepad and they look exactly the same.
I can confirm the responses gained using the management api were exactly the same.
I can see that the changes made via the management api are immediately updated and visible in the dashboard.
Today however pressing the save button in the UI seems to make no difference and the callback remains invalid after several minutes even though the url seems the same.
I would happily give you the tenant to be investigated, what do you mean by DM?

1 Like