Help: server_error: Unable to issue redirect for OAuth 2.0 transaction

I have 2 apps we are trying to get set up to use Auth0 and believe I have set up everything correctly in both. However, only one works, even though the configurations for both appear to be the exact same. Here is the error page I am redirected to in the second app (which does not work):

image1354×1322 67.1 KB

In the first, we are successfully able to redirect users to the Universal Login page, have them authenticate, and then be redirected to the redirect_uri we specify in our Auth0Provider options. However, in the second, we are redirected to the above error page.

Here are the configurations we are using in both apps:

REACT_APP_AUTH0_ISSUER_URL=<issuer-url>
REACT_APP_AUTH0_CLIENT_ID=<client-id>
REACT_APP_AUTH0_AUDIENCE=<api-url>
REACT_APP_AUTH0_REDIRECT_URI="http://localhost:3003/user/callback"
REACT_APP_AUTH0_SCOPES=<scopes>

We are then using these environment variables and assigning them to our Auth0Provider like this:

const auth0config = {
  domain: REACT_APP_AUTH0_ISSUER_URL,
  clientId: REACT_APP_AUTH0_CLIENT_ID,
  audience: REACT_APP_AUTH0_AUDIENCE,
  redirectUri: REACT_APP_AUTH0_REDIRECT_URI,
  scope: REACT_APP_AUTH0_SCOPES,
};

function Auth0Wrapper({ children }) {
  return <Auth0Provider {...auth0config}>{children}</Auth0Provider>;
}

In the second failing app, I have verified the the redirect_uri is valid and is set as an Allowed Callback URL and it exactly matches what we’re using in the above configuration, however I’m still getting sent to that error page.

Any help on this would be greatly appreciated, and if there is any other context I could provide that would be helpful I would be happy to elaborate.

I am running this on:

• MacOS Ventura 13.0
• Chrome 110.0.5481.77 (Official Build) (x86_64)
• Node v12.18.1
• auth0/auth0-react ^2.0.0

EDIT:
I have taken a look at these issues already to see if I was making the same mistake but they appear to be unrelated:

• Possible causes for "Unable to issue redirect for OAuth 2.0 transaction"?
• “Unable to issue redirect for OAuth 2.0 transaction” using a database connection (but Social Provider works) - #6 by skllpara

Hi there @drew.daniels welcome to the community!

Interesting If you inspect the network tab during the login flow for both apps, do both of the calls to /authorize look the same? I’d be happy to take a look if you want to share them here - Feel free to redact any non-related params.

Keep us posted!

Hi @tyf thanks for taking a look into this!

I’m glad you mentioned that - it looks like in the first app:

• The domain is set to the domain of our primary-auth0-application
• The redirect_uri param is set to http://localhost:3003/user/callback

However in the second app:

• The domain is set to a separate Auth0 app we are using as an IDP.
• The redirect_uri param is set to the domain of our primary-auth0-application

First app:

https://<primary-auth0-app-domain>/authorize?audience=<audience>&scope=<scopes>&client_id=<client-id>&redirect_uri=<url-encoded-redirect-uri>&response_type=code&response_mode=query&state=<state>&nonce=<nonce>&code_challenge=<code-challenge>&code_challenge_method=<challenge-method>

Second app:

https://<secondary-idp-domain>/authorize?client_id=<client-id>&scope=<scopes>&response_type=code&redirect_uri=<primary-auth0-app-domain>&response_mode=query&state=<state>

This leads me to think maybe theres some misconfiguration with the Auth0 app we’re using as an IDP, but the Allowed Callback URLs setting there shows that both the redirect_uris of our primary-auth0-app-domain and http://localhost:3003/user/callback are allowed.

I should maybe mention that in the first app, I have an existing session so I am able to skip the Universal Login screen, and in the second (failing) app, I do not. Maybe this has something to do with why the /authorize request in the second app is missing some parameters that are included in the first.

Figured out what the issue was.

My first working app was using v1 of auth0/auth0-react whereas my second was using v2, so this config which worked with v1 did not work in v2:

const auth0config = {
  domain: REACT_APP_AUTH0_ISSUER_URL,
  clientId: REACT_APP_AUTH0_CLIENT_ID,
  audience: REACT_APP_AUTH0_AUDIENCE,
  redirectUri: REACT_APP_AUTH0_REDIRECT_URI,
  scope: REACT_APP_AUTH0_SCOPES,
};

function Auth0Wrapper({ children }) {
  return <Auth0Provider {...auth0config}>{children}</Auth0Provider>;
}

Instead, it should be:

const auth0config = {
  domain: REACT_APP_AUTH0_ISSUER_URL,
  clientId: REACT_APP_AUTH0_CLIENT_ID,
  authorizationParams: {
    audience: REACT_APP_AUTH0_AUDIENCE,
    redirect_uri: REACT_APP_AUTH0_REDIRECT_URI,
    scope: REACT_APP_AUTH0_SCOPES,
  }
};

function Auth0Wrapper({ children }) {
  return <Auth0Provider {...auth0config}>{children}</Auth0Provider>;
}

I had not realized there breaking changes in the latest update (my mistake), but it would have been nice if there were more descriptive errors thrown - although maybe the error I received should have been enough to indicate that something was wrong with my configuration of redirect_uri.

v1 to v2 migration guide

Hey @drew.daniels!

Sorry for the delayed response, but good to know you were able to get this sorted and thanks for following up with the community! I’m sure this will help others moving forward

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.