Invalid redirect_uri expected string got undefined

Hi everyone, new person here.

I can’t quite figure as to why I keep getting a redirect uri error. I tried the localhost example from the documentation and it worked fine, but deploying to my cloud app has been a tricky. Tried googling and found one other article that seemed related, but to no avail. Also took a look at the API documentation for that specific method and used the inspect module to maybe get more info. I’m at a loss haha. Anything glaring anyone seeing?

Reference - Invalid_request: Invalid redirect_uri. Expected type 'string' but found type undefined

Code (Error happens specifically on line 68) -

Live Example -

Hi @hauscloud and welcome to the Community! :tada:

Would you mind linking the documentation you were looking at when you set up this application? I’d also like to confirm you’ve added the callback to your Allowed Callback URLs for your application? Additionally have you looked over this doc on redirecting users after login authentication?

Once I have a better idea of the specific documentation or SDK you’ve referenced I may be able to offer some more guidance and have a better idea of what you’re looking to achieve.

All the best,

Hi Colin,

Thanks for the reply. I figured it out after a bit more testing and reading the docs.

1 Like

Hey there @HausCloud!

Great to hear that. Can you share for the benefit of others how you solved it? Thanks!

Hi @HausCloud,

I am also having the same issue. I cloned the example from, and modified the client id, domain, client secret and callback url in the .env file. In the Auth0 application settings, I added the


in Allowed Callback URLs and


in Allowed Logout URLs.

Once I run the server and login via my gmail, I get the invalid redirect_uri message.

Any ideas?


Hi paul2020nz,

Double check that your callback and logout are the same. I originally just had a typo, but now I believe the issue is that my website is not using https and it fails randomly. The issue has not be resolved according the post below:

If anyone has any idea if there is a workaround or https is a hard requirement for it to work 100% of the time (which is kind of inconvenient).