Does Auth0 rewrite the redirect_uri from http to https?

I have a report from one of our devs that he is seeing a redirect_uri being re-written from http to https. He’s doing development in his local environment and using http://127.0.0.1:8081/callback but it appears the callback is being rewritten to https. When he goes to the first URL below, the URL is rewritten / he is redirected to the second URL:

https://[MYTENNANT].auth0.com/authorize?audience=https%3A%2F%2F[MYTENNANT].auth0.com%2Fuserinfo&client_id=[CLIENT_ID]&redirect_uri=http%3A%2F%2F127.0.0.1%3A8081%2Fcallback%2F&state=[STATE]&prompt=login&scope=openid+profile+email+offline_access&response_type=code&language=en

https://[MYTENNANT].auth0.com/authorize?audience=https%3A%2F%2F[MYTENNANT].auth0.com%2Fuserinfo&client_id=[CLIENT_ID]&redirect_uri=https%3A%2F%2F127.0.0.1%3A8081%2Fcallback%2F&state=[STATE]&prompt=login&scope=openid+profile+email+offline_access&response_type=code&language=en

Hi @markd
Auth0 makes no attempt to rewrite the redirect URL, and the http scheme is supported (mostly for development purposes, don’t use it in production!).

If you want to provide a real URL to test or a .HAR file, happy to take a look. No need to obscure the tenant or client id, as this is public information, but if you prefer you can send it over DM.

1 Like

Thanks Nicolas. I’ll get the dev to replicate and produce a HAR.

Turns out this was a PEBKAC error. Issue resolved.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.