Did Auth0 start forcing callback urls to use https?

I have an auth0 application that is being developed locally and not using https. I don’t believe I changed anything but when trying to login, I receive the Callback URL Mismatch error and the only difference is that now my localhost url is using https within the auth0 generated callback… Did something change?


Howdy @peterflat :cowboy_hat_face:

Since switching the project from HTTP to HTTPS have you added the new HTTPS URL to the list of “Allowed Callback URLs”?

I was able to replicate your issue here:

But then solve it by adding the callback URL to my app:

Hope this helps?

That highlights the issue: The allowed callback url that I specified is http. The generated callback appears to be forcing https. As far as I understand the system has always generated http callback urls for local development. Has something changed on Auth0’s side recently?

We’ve not changed what we do with HTTP or HTTPs callback URLs. It’s possible your application may have changed, what does your redirect_uri look like when authorising with Auth0? Are you linked to another repo/library?