Login in production not working

I’m trying to deploy my nodes app on Heroku. I can login in locally but on the deployed app, after clicking login it just loops back to the login page. My Auth0 log shows Successful login but the app doesn’t redirect to the index page

2 Likes

Anything (errors) to see in the browser’s developer toolbar > console? And I assume you’re running on https (not http).

Yes i am running on https I resolved the issue by adding this

if( app.get("env") === "production"  ) 
 {

	sess.cookie.secure = true;
	app.set("trust proxy", 1);
}

But now i have an issue logging out.
This is the auth0 error detail:

The “returnTo” querystring parameter “https://lance-events.herokuapp.com:47648” is not defined as a valid URL in “Allowed Logout URLs”.

You need to configure the Allowed Logout URLs in your Application in the Auth0 Dashboard, setting it to https://lance-events.herokuapp.com:47648/

That didn’t help. The number 47648 keeps changing

The “Allowed Logout URLs” field unfortunately (or from a security perspective: luckily) doesn’t allow wildcards for the port number. But surprised: are you saying that the port of your webapp frequently changes, and there’s no way to make it a fixed number, or even the proper default 443 port for https ?

In any case, it either needs to be a fixed URL on Heroku side, or you’d need to add a list of URLs with all possible port numbers (yes, can be in the hundreds or thousands) to the Allowed Logout URLs list; whatever space that text input field allows - though that’s really not my recommended approach.
That’s the only way to configure this though.

Hello. How did you solve this issue?

This FAQ explains the cause and solution for the below error, so link it to this topic.

invalid_request: The "returnTo" querystring parameter "[https://YOUR_URL"](https://YOUR_URL)" is not defined as a valid URL in "Allowed Logout URLs"

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.