New to Auth0, coming from Firebase Auth (which I have to say is far simpler; anyway). I’ve finished setting up Auth0 on our test site and authentication with various social connections works, but the Network tab in DevTools showed repeated requests to
https://civility-app.auth0.com/authorize?client_id=...&response_type=token%20id_token&redirect_uri=https%3A%2F%2Fweb.civility.social%2Fauth%2Fcallback%2F&scope=openid%20email%20profile&state=...&nonce=...&response_mode=web_message&prompt=none&auth0Client=...%3D
failing with 400 Bad Request. The response was an HTML page that contained the error in the title of this post, and I see that error in the logs as well:
The specified redirect_uri ‘https://web.civility.social/auth/callback/’ does not have a registered origin.
I couldn’t find where “registered origins” are configured, but we do have that URL configured among the Allowed Web Origins:
Turns out that @rasmus1 had the same problem and the response from Auth0 was,
Allowed Web Origins should only contain URLs with schema, domain and port, no other paths. So, only http://localhost:8080.
If Auth0’s mission is to “Rapidly integrate authentication and authorization for web”, can you guys please validate the URLs in that box, and display an error if they contain paths? Both the other poster and I have wasted a lot of time, when Auth0 could easily prevent this by validating that input against a regexp.
Also, that error message could be more useful. Right now, it’s pretty misleading. My reaction to it was to add the URL to the origins, when in fact that was the wrong thing to do, if Allowed Web Origins is not supposed to contain URLs with paths.
And lastly, if the error refers to the Allowed Web Origins field, it would help to mention exactly that instead of “registered origin”. Auth0 is sufficiently complicated that hunting for a “registered origin” setting if you’re a new user isn’t exactly fun.
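
The input check requested above, sketched as an added example that is not part of the original post and is not Auth0's own validation code. The function names `checkOriginEntry` and `auditWebOrigins` are hypothetical, and the example assumes an entry is acceptable only when it is scheme, host and optional port, and that a redirect_uri is covered by an exact origin match.

```javascript
// Added example, not Auth0 code; function names are hypothetical.
// Assumption: a valid entry is scheme + host + optional port only,
// as the quoted Auth0 reply describes.

// Returns { entry, origin, problem }; problem is null for a bare origin.
function checkOriginEntry(entry) {
  let url;
  try {
    url = new URL(entry.trim());
  } catch (err) {
    return { entry, origin: null, problem: 'not an absolute URL' };
  }
  let problem = null;
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    problem = `unexpected scheme ${url.protocol}`;
  } else if (url.pathname !== '/') {
    // A lone trailing slash parses as the root path and is tolerated here.
    problem = `contains path ${url.pathname}`;
  } else if (url.search || url.hash) {
    problem = 'contains a query string or fragment';
  }
  return { entry, origin: url.origin, problem };
}

// Lints every configured entry and reports whether the redirect_uri's origin
// is covered by at least one well-formed entry (exact origin match assumed).
function auditWebOrigins(redirectUri, allowedWebOrigins) {
  const results = allowedWebOrigins.map(checkOriginEntry);
  const redirectOrigin = new URL(redirectUri).origin;
  const valid = results.filter((r) => r.problem === null);
  return {
    redirectOrigin,
    covered: valid.some((r) => r.origin === redirectOrigin),
    rejected: results.filter((r) => r.problem !== null),
  };
}

// Constructed sample: the redirect_uri from the post, first entered as a full
// URL with its path, then as origin-only entries.
const redirectUri = 'https://web.civility.social/auth/callback/';
const before = auditWebOrigins(redirectUri, [redirectUri]);
const after = auditWebOrigins(redirectUri, ['https://web.civility.social', 'http://localhost:8080']);

for (const r of before.rejected) {
  console.log(`rejected "${r.entry}": ${r.problem}; register ${r.origin} instead`);
}
console.log('covered before:', before.covered, '| covered after:', after.covered);
```

Running the same lint over a tenant's exported application settings in CI catches an entry with a path before it produces the 400 at login time.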