Problem statement
When using the embedded login with a web application, we are encountering an issue that we cannot pinpoint or find answers to online. Basically we are getting:
    {
      error: 'invalid_request',
      error_description: 'Redirection is not available on /oauth/token endpoint.'
    }
This is what we are sending through, as per the examples:
    {
      "client_id": "...",
      "client_secret": "...",
      "grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp",
      "username": "******",
      "otp": "*****",
      "realm": "email",
      "audience": "https://*****",
      "scope": "openid profile email"
    }
However, this is always resulting in the error. This is occurring for both registered and brand new users. We cannot find where the reference to “redirect” is coming from.
Cause
- The ‘Redirection is not available on /oauth/token endpoint’ error commonly occurs when an Action or Rule triggers a redirect on a flow that does not allow one, for example during a refresh token exchange.
Solution
In these scenarios, we recommend including some logic to bypass the redirection within the Rule or Action based on the protocol being used. For example:
    function adhoc(user, context, callback) {
      if (context.protocol === "oauth2-refresh-token") {
        // Skip the redirect for the Refresh Token flow
        return callback(null, user, context);
      }
      // other logic before redirect
      context.redirect = {
        url: "https://example.com/foo"
      };
      return callback(null, user, context);
    }
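
The same bypass written as a post-login Action, as an added example that is not Auth0's own code. It goes beyond the Rule above by allowlisting browser-based protocols instead of excluding only the refresh token flow, so any direct call to /oauth/token is skipped. Assumptions: the protocol allowlist, the `canRedirect` and `simulate` helpers, and the placeholder URL.

```javascript
// Added example: redirect only on protocols where a browser is present.
// Assumption: these are the interactive protocols used on the tenant;
// adjust the set to match the values seen in your tenant logs.
const INTERACTIVE_PROTOCOLS = new Set([
  "oidc-basic-profile",
  "oidc-implicit-profile",
  "oidc-hybrid-profile",
  "samlp",
  "wsfed",
]);

// Placeholder destination, the same one used in the Rule above.
const REDIRECT_URL = "https://example.com/foo";

// Hypothetical helper: true only when the current protocol can follow a redirect.
function canRedirect(protocol) {
  return INTERACTIVE_PROTOCOLS.has(protocol);
}

const onExecutePostLogin = async (event, api) => {
  const protocol = event.transaction && event.transaction.protocol;
  if (!canRedirect(protocol)) {
    // Token-endpoint flows (refresh token, passwordless OTP, ...) stop here,
    // so the 'Redirection is not available' error is never raised.
    return;
  }
  // other logic before redirect
  api.redirect.sendUserTo(REDIRECT_URL);
};

// Constructed stand-in for the Actions runtime, for local testing only.
// It returns the list of URLs the handler tried to redirect to.
function simulate(protocol) {
  const sent = [];
  const api = { redirect: { sendUserTo: (url) => sent.push(url) } };
  onExecutePostLogin({ transaction: { protocol } }, api);
  return sent;
}

// Actions load the handler from exports; guarded so the file also runs elsewhere.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

If the redirect enforces a mandatory step, skipping it leaves the token-endpoint flows without that check, so decide explicitly how those flows should be handled.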