Does Auth0 rewrite the redirect_uri from http to https?

I have a report from one of our devs that he is seeing a redirect_uri being re-written from http to https. He’s doing development in his local environment and using http://127.0.0.1:8081/callback but it appears the callback is being rewritten to https. When he goes to the first URL below, the URL is rewritten / he is redirected to the second URL:

https://[MYTENNANT].auth0.com/authorize?audience=https%3A%2F%2F[MYTENNANT].auth0.com%2Fuserinfo&client_id=[CLIENT_ID]&redirect_uri=http%3A%2F%2F127.0.0.1%3A8081%2Fcallback%2F&state=[STATE]&prompt=login&scope=openid+profile+email+offline_access&response_type=code&language=en

https://[MYTENNANT].auth0.com/authorize?audience=https%3A%2F%2F[MYTENNANT].auth0.com%2Fuserinfo&client_id=[CLIENT_ID]&redirect_uri=https%3A%2F%2F127.0.0.1%3A8081%2Fcallback%2F&state=[STATE]&prompt=login&scope=openid+profile+email+offline_access&response_type=code&language=en

Hi @markd
Auth0 makes no attempt to rewrite the redirect URL, and the http scheme is supported (mostly for development purposes, don’t use it in production!).

If you want to provide a real URL to test or a .HAR file, happy to take a look. No need to obscure the tenant or client id, as this is public information, but if you prefer you can send it over DM.

Thanks Nicolas. I’ll get the dev to replicate and produce a HAR.

Turns out this was a PEBKAC error. Issue resolved.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.