Login transaction redirects to app's login route with 'iss' param such as 'https://mydomain.com/login?iss='

Problem statement

An authentication flow is ending with this redirection and we don’t understand what is causing it:

https://customerDomain.com/login?iss=https%3A%2F%2Faccounts.daycos.com%2F

Symptoms

There’s an unexpected 302 redirect when the application is redirected to the ‘/u/login’ route on their Auth0 Domain.

Cause

A redirect at that endpoint is expected when a login is initiated from a third-party application (such as curl in this instance). The ‘iss’ param is returned to let the client (application) know which OIDC IdP the request was intended for. More on that spec can be found here:

Solution

This is expected behavior when attempting to log in using a third-party app/service. Login transactions should be initiated by the RP (application) itself and not on behalf of another service.
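The following is an added example, not code from this article or from Auth0: a sketch of how an RP's `/login` route can treat the `iss` parameter, accepting it only when it exactly matches the issuer the application is configured for and then starting its own login transaction with fresh `state` and `nonce`. The function name `start_login`, the client ID placeholder, the `/callback` route and the use of the tenant's `/authorize` endpoint are assumptions; the issuer and login URL are the ones shown in the problem statement.

```python
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

# Assumed RP configuration. The issuer is the value from the article's example URL;
# the client ID and callback route are constructed placeholders.
TRUSTED_ISSUER = "https://accounts.daycos.com/"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://customerDomain.com/callback"


def start_login(request_url: str) -> dict:
    """Handle a request to the RP's /login route, with or without `iss`.

    Returns the authorization URL to redirect the browser to, plus the
    `state` and `nonce` the RP must keep in the user's session and verify
    when the callback arrives. Raises ValueError for an untrusted `iss`.
    """
    params = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    iss_values = params.get("iss", [])
    if len(iss_values) > 1:
        raise ValueError("duplicate iss parameter")
    if iss_values and iss_values[0] != TRUSTED_ISSUER:
        # Exact string comparison only: no prefix or hostname-suffix matching.
        raise ValueError("iss does not match the configured issuer")

    # The transaction is created here, by the RP, never reused from the
    # party that sent the browser to /login.
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
    })
    return {
        "authorize_url": f"{TRUSTED_ISSUER}authorize?{query}",
        "state": state,
        "nonce": nonce,
    }
```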