We’re using hosted pages in our project, which live on a sub-domain of ours. When the user ends up at such a page and manually removes everything after the first / from the URL, a redirect would take place to the toplevel domain. Why is that? Can this redirect be configured in a way?
Hey @jasperh!
As far as I know the order in which you put the Allowed Callbacks URLs matter. In case of SAML connections it takes the first callback URL. Don’t know if it can be configured somehow. Will discuss it and get back to you with the info!
Yep the product team approved what I said.
Let me know if that was what you were looking for!
I don’t think it does actually… Our configured allowed callback url contains the subdomain, but it gets redirected to the toplevel domain.
Can you share with me the screenshot of Allowed Callback URLs?
Cause I’m not sure if we get each other’s points and that will let us solve it I hope 
This would mean that if I’d manually go to https://auth-dev.meethue.com (the hosted auth0 pages), I’d be redirected to https://meethue.com.