Error Message "Redirection is not available on /oauth/token endpoint"

Last Updated: Nov 13, 2024

Overview

When using the embedded login with a web application, we are encountering an issue that we cannot pinpoint or find answers to online. Basically, we are getting:

{
  error: 'invalid_request',
  error_description: 'Redirection is not available on /oauth/token endpoint.'
}

This is what we are sending through, as per the examples:

{
  "client_id": "...",
  "client_secret": "...",
  "grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp",
  "username": "******",
  "otp": "*****",
  "realm": "email",
  "audience": "https://*****",
  "scope": "openid profile email"
}

However, this is always resulting in the error. This is occurring for both registered and brand new users. We cannot find where the reference to “redirect” is coming from.

Applies To

  • Login
  • Web Application

Cause

The "Redirection is not available on /oauth/token endpoint" error commonly occurs when a redirect within Actions or Rules is triggered on a flow that does not allow redirects, for example during a refresh token exchange…

Solution

In these scenarios, we recommend including some logic to bypass the redirection within the Rule or Action based on the protocol being used. For example:

function adhoc(user, context, callback) {
  // The refresh token exchange is served by /oauth/token, where no
  // browser is present to follow a redirect.
  if (context.protocol === "oauth2-refresh-token") {
    // Skip the redirect for the Refresh Token flow
    return callback(null, user, context);
  }
  // other logic before redirect
  context.redirect = {
    url: "https://example.com/foo"
  };
  return callback(null, user, context);
}
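
The same guard written as a post-login Action, as an added example that is not part of the original article. The helper `shouldSkipRedirect` and the constant `NON_REDIRECT_PROTOCOLS` are hypothetical names, and the protocol values other than `oauth2-refresh-token` are assumptions to confirm against the protocol your tenant logs for the failing request:

```javascript
// Added example: post-login Action form of the Rule guard above.
// Protocols served directly by /oauth/token, where no browser is present
// to follow a redirect. "oauth2-refresh-token" comes from the article; the
// other two entries are assumptions to verify against your tenant logs.
const NON_REDIRECT_PROTOCOLS = new Set([
  "oauth2-refresh-token",
  "oauth2-password",
  "oauth2-resource-owner",
]);

// Hypothetical helper: true when the current transaction cannot redirect.
function shouldSkipRedirect(event) {
  const protocol = event && event.transaction && event.transaction.protocol;
  // Assumption of this example: a transaction with no protocol is treated
  // as non-interactive, because attempting a redirect there fails the
  // whole token request with invalid_request.
  return !protocol || NON_REDIRECT_PROTOCOLS.has(protocol);
}

// Handler body. In an Auth0 Action, export it with:
//   exports.onExecutePostLogin = onExecutePostLogin;
async function onExecutePostLogin(event, api) {
  if (shouldSkipRedirect(event)) {
    return; // let the token exchange complete without a redirect
  }
  // other logic before redirect
  api.redirect.sendUserTo("https://example.com/foo");
}

// Constructed stand-in for the Actions `api` object; records redirects
// so the handler can be exercised outside Auth0.
function mockApi() {
  const calls = [];
  return { calls, redirect: { sendUserTo: (url) => calls.push(url) } };
}
```

If the redirect enforces a step such as consent or additional verification, the flows skipped here complete without it, so decide per flow whether skipping is acceptable.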