I am using Auth0 to integrate Python Dash applications with Auth0. I am using this wrapping:
dbrambilla13/dash-auth0-auth (github.com)
My app is deployed in AWS ECS behind an ALB and I’m using CloudFlare as the DNS provider. All this works perfectly for most users in Chrome and Edge, but some users are experiencing problems. I’m only able to reproduce in Firefox, so I’m looking there at the moment.
When I first visit the page, I’m asked to log in (via an Azure AD integration) and then it redirects and bounces back and forth a few times before complaining like this:
Here is the network log:
I’ve blanked out my domain - I hope this isn’t necessary to debug the problem. You can see that from my page there is a redirect to my auth0 domain (dev-ep515…) with response_type=code and this sends back to callback (on HTTP), which itself redirects to the equivalent on HTTPS and this bounces back to my auth0 domain forever. It does look as if between HTTP and HTTPS the “callback” part of the URL has been stripped - is this needed?
After some Googling, I did find a suggestion to set “Always use private browsing mode” in the history section of Firefox’s Privacy and Security settings and that fixes the problem. Now it looks like this:
but I’m not sure this explains why some users are experiencing problems with Edge and Chrome. I guess there could be a problem with dash-auth0-auth, but I’d appreciate any pointers on where to look.
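One way to check a captured redirect chain for the pattern described in the post (a plain-HTTP callback, an HTTPS upgrade that loses the `/callback` path, and a return to the authorization endpoint). This is an added example, not code from the post or from dash-auth0-auth; the hostnames, `CLIENT_ID`, the hop list and the function name `analyze_redirect_chain` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def analyze_redirect_chain(hops):
    """hops: list of (request_url, location_header) in the order the browser
    followed them. Returns a list of (hop_index, finding) tuples."""
    findings = []
    seen = set()
    for i, (url, location) in enumerate(hops):
        req, nxt = urlsplit(url), urlsplit(location)

        # 1. The redirect_uri handed to the authorization endpoint is plain HTTP,
        #    so the authorization code will come back over an unencrypted URL.
        redirect_uri = parse_qs(nxt.query).get("redirect_uri", [""])[0]
        if redirect_uri.startswith("http://"):
            findings.append((i, "http_redirect_uri"))

        # 2. Same-host HTTP -> HTTPS upgrade that does not preserve path and query:
        #    the callback handler never sees the code and state parameters.
        if req.scheme == "http" and nxt.scheme == "https" and req.netloc == nxt.netloc:
            if (req.path, req.query) != (nxt.path, nxt.query):
                findings.append((i, "upgrade_dropped_path"))

        # 3. The same scheme/host/path is requested again: the flow has looped.
        key = (req.scheme, req.netloc, req.path)
        if key in seen:
            findings.append((i, "loop"))
        seen.add(key)
    return findings

# Constructed sample modelled on the chain described in the post.
APP = "app.example.com"
IDP = "tenant.example.auth0.com"

def authorize_url(state):
    return (f"https://{IDP}/authorize?response_type=code&client_id=CLIENT_ID"
            f"&redirect_uri=http%3A%2F%2F{APP}%2Fcallback&state={state}")

SAMPLE_HOPS = [
    (f"https://{APP}/", authorize_url("s1")),
    (authorize_url("s1"), f"http://{APP}/callback?code=c1&state=s1"),
    (f"http://{APP}/callback?code=c1&state=s1", f"https://{APP}/"),
    (f"https://{APP}/", authorize_url("s2")),
]

if __name__ == "__main__":
    for hop, finding in analyze_redirect_chain(SAMPLE_HOPS):
        print(f"hop {hop}: {finding}")
```

The hop list can be filled in from the browser's network log by copying each request URL and its `Location` response header.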