Issue with Blank Pages with CallbackPath

Hi there,

I am using the Auth0 Authentication API (v5.10.0) on the .NET Core 2.1 platform, with a similar configuration offered in the quick-start guide. Our landing page has a login button that uses Auth0 lock to provide the login form.

The authentication works great when it is used as intended, however I noticed some odd behavior that is affecting our users. For example, once a user has logged in and they click back too many times, they may accidentally navigate to the URL which was configured as the Callback URL for Auth0, and it just gives a blank white page.

Also, if the user bookmarks the Auth0 login page (lock), they may have an issue where after they sign in they just get sent to the callback page (the blank page I was just referring to), and have difficulty accessing the application.

My question is: If a user somehow navigated to the Auth0 Callback page, instead of it just displaying a blank white screen, how can I configure this page to redirect back to another page of my choosing (like the home page)?

This is because the /login page, once a login occurs, the ‘state’ parameter is missing and so when the page tries to call the /authorize URL it will error. The state parameter is used to mitigate CSRF attack and so during authentication, the application sends this parameter in the authorization request, and the Authorization Server (Auth0) will return this parameter unchanged in the response. More info can be found here:

In cases where this error is thrown, you could try configuring a custom error page in the application from tenant settings , then handle the error by initiating a new login by calling the /authorize endpoint.