How can I use a custom value for the redirect_uri in the Location header in a 302 response from Auth0?

This is kind of urgent and I’d really appreciate it if someone could help with this. I’ve opened a support ticket as well.

Our application authenticates users with Auth0 using GitHub as the social ID provider.

The /authorize request to the Auth0 tenant results in a 302 redirect to github.com. The value of the Location header in the 302 response contains a URL with a query parameter “redirect_uri”, which is always set to https://{auth0-tenant}.us.auth0.com/login/callback.

For example:
https://github.com/login/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fdev-mytenant.auth0.com%2Flogin%2Fcallback&scope=blah&state=blah&client_id=blah

I’d like to use another URL that points to our backend server in the redirect_uri field. How can I change this value?

In the larger context, we would like to request another access token from GitHub with additional scopes. But from GitHub’s standpoint, there can only be one callback URL (https://mytenant.us.auth0.com/login/callback). We were hoping that we could change this URL to our backend server. The backend would now receive all callbacks from GitHub, and it would act only on callbacks used for requesting the access token with additional scope. For transactions involving user authentication, the backend would respond with a 302 and redirect the browser to https://mytenant.us.auth0.com/login/callback so that login can happen normally.

The following response from an Auth0 employee to an older question seems to imply that we are on the right track (i.e. we need to request a second token with additional scopes). But we can’t do it unless we can redirect GitHub to our backend.

@nicolas_sabena
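The dispatch rule the post describes for the backend, written out as an added example (not part of the original post and not Auth0's or GitHub's code). It assumes GitHub's callback already reaches the backend and that the backend keeps a server-side set of the `state` values it issued for its own additional-scope requests; `route_github_callback` and `pending_states` are hypothetical names.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Fixed forward target taken from the post. It is never derived from the
# incoming request, so the relay cannot be turned into an open redirect.
AUTH0_CALLBACK = "https://mytenant.us.auth0.com/login/callback"


def route_github_callback(callback_url, pending_states):
    """Decide what the backend does with one GitHub callback.

    pending_states is an assumed server-side set of single-use state values
    issued by this backend for additional-scope token requests.
    Returns ("handle", code), ("forward", location) or ("reject", reason).
    """
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query, keep_blank_values=True)

    # A missing or repeated state is ambiguous: neither side can bind it
    # to a transaction, so it is refused rather than forwarded.
    states = params.get("state", [])
    if len(states) != 1:
        return ("reject", "missing or repeated state")
    state = states[0]

    # Constant-time comparison against the states this backend issued.
    ours = next(
        (s for s in pending_states
         if hmac.compare_digest(s.encode(), state.encode())),
        None,
    )
    if ours is None:
        # Not issued here: treat as a login transaction and pass the query
        # string through unchanged (code, state, or an error response).
        return ("forward", f"{AUTH0_CALLBACK}?{parts.query}")

    codes = params.get("code", [])
    if len(codes) != 1:
        return ("reject", "missing or repeated code")

    # Single use: a replayed callback no longer matches and is forwarded,
    # where the unknown state is the other side's to refuse.
    pending_states.discard(ours)
    return ("handle", codes[0])
```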

Hi @vineetd,

I am going to leave this issue to the support team, so we don’t consume double the resources on the same issue.

I’ll post an update here when this is resolved in the support ticket.

This was resolved in a support case.
