Invalid redirect URL even if state parameter added

Greetings again, @dawid.matuszczyk @rueben.tiow

The question is whether this code from my action is legit, because I always receive Invalid Redirect URL when launching my post-login action:

exports.onExecutePostLogin = async (event, api) => {
  if (event.user.app_metadata["demo_account"] === true &&
      event.user.app_metadata["had_demo"] === false &&
      event.user.app_metadata["demo_expired"] == false &&
      event.user.app_metadata["db_record"] === false) {
    const id = event.user.user_id;
    const email = event.user.email;
    const state = event.transaction?.state;
    api.redirect.sendUserTo(`${event.secrets.MAIN_DOMAIN}/verify?auth0Sub=${id}&email=${email}&state=${state}`);
  }
};

exports.onContinuePostLogin = async (event, api) => {
  const state = event?.transaction?.state;
  api.user.setAppMetadata("db_record", true);
  api.redirect.sendUserTo(`${event.secrets.AUTH0_ISSUER_BASE_URL}/continue?state=${state}`);
};

The reason I don’t understand the error is that when I simply copy-paste the URL from the ExecutePostLogin function, it just works, but when launching through the Auth0 tenant URL, it’s not working.

What am I missing here?

Help is much appreciated!

Hi @csokan.raul89,

The error you experienced seems to originate from the redirect URL you used.

I am unable to verify what values you have set for your event.secrets.MAIN_DOMAIN; however, the error indicates that there is an issue with the URL that you are trying to redirect to.

In this situation, I recommend ensuring that the URL is valid by debugging it with console.log() statements and using the Real-time Webtask Logs Extension during a regular login flow.

Please also ensure that your URL includes http:// or https:// prepended in the URL.

Thanks,
Rueben
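
One way to carry out the URL check suggested above, as an added example that is not part of the original posts and not Auth0's own code: a hypothetical helper, `buildRedirectUrl`, that checks the scheme, parses the URL, percent-encodes each query value and reports missing ones before the result is logged or passed to `api.redirect.sendUserTo()`. The sample values are constructed.

```javascript
// Added example: validate a redirect target inside a post-login Action.
// buildRedirectUrl is a hypothetical helper name; inputs below are constructed.
function buildRedirectUrl(base, path, params) {
  const problems = [];
  if (typeof base !== "string" || base.trim() === "") {
    return { ok: false, url: null, problems: ["base URL is empty or not a string"] };
  }
  const trimmed = base.trim();
  if (trimmed !== base) {
    problems.push("base URL has leading or trailing whitespace");
  }
  // The scheme must be present, e.g. http://localhost:3000 rather than localhost:3000.
  if (!/^https?:\/\//i.test(trimmed)) {
    problems.push("base URL must start with http:// or https://");
    return { ok: false, url: null, problems };
  }
  let url;
  try {
    url = new URL(path, trimmed);
  } catch (err) {
    problems.push(`URL does not parse: ${err.message}`);
    return { ok: false, url: null, problems };
  }
  for (const [key, value] of Object.entries(params)) {
    // A template literal would silently turn a missing value into "undefined".
    if (value === undefined || value === null || value === "") {
      problems.push(`parameter "${key}" is missing`);
      continue;
    }
    // searchParams percent-encodes characters such as "|", "+" and "@".
    url.searchParams.set(key, String(value));
  }
  return { ok: problems.length === 0, url: url.toString(), problems };
}

// Constructed sample: a user_id containing "|" and an email containing "+".
const constructedResult = buildRedirectUrl("http://localhost:3000", "/verify", {
  auth0Sub: "auth0|abc123",
  email: "user+tag@example.com",
});
console.log(constructedResult.ok, constructedResult.url, constructedResult.problems);
```

Inside the Action, log `problems` with `console.log()` and call `api.redirect.sendUserTo(result.url)` only when `result.ok` is true.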

Well, the MAIN_DOMAIN should be http://localhost:3000 and the AUTH0_ISSUER_BASE_URL is my tenant address.

Here’s what I get in the browser:
In the URL bar it’s my tenant address with the authorize endpoint and other parameters,
while instead of the page this is what I get:

Invalid redirect URL http://localhost:3000/verify?auth0Sub=REDACTED_USER_ID&email=REDACTED_EMAIL&state=REDACTED_STATE

And I noticed that the state value is the same as it was yesterday when I tried it.

The main idea that occurred to me right now is to redirect the user from the post-login action to this custom verification page with the user_id and email as parameters and create a database record out of it; then inside this custom page I add a redirect command to the AUTH0 tenant address with the continue endpoint + the state extracted from the previous step, but no luck either.