Please see the image attached to this post. I am having trouble getting past it no matter what I try. I think i am not putting the right values in the Call Back URL field in the Application. Please help! Thanks
Joaquin
It’s hard to know without seeing your Auth0 setup and the type of connection you’ve configured/what your app is built on etc, however using the SAML tracer chrome plugin and looking at the network logs whilst testing your signup (as the url is in the bottom of your screen grab btw) it could be that your callback url is http where as your app 301s you to https… (the s being the difference)?
Thank you @JFoxUK . My app is built on Springboot, I have a custom domain and using a Database for authentication. I have a few redirect uri’s setup in the Callback field: http://localhost:3010/login/oauth2/code/okta, Please sign in , Please sign in
I am at a loss as to how to troubleshoot this issue. I hope these answers help. Let me know if I can provide more information.
Thanks!
From the HAR file, it looks like Spring is generating / using ''http://app.franflix.net/… as the redirect_uri but you dont have that in your callback list.
On the error page (earlier in this thread) the link goes to here without the brackets: [https://app.franflix.net/oauth2/authorization/okta\] should add that to the call back list?
Is this what your app is using? redirect_uri=https://app.franflix.net/login/oauth2/code/okta
Currently I don’t have that in my config file (application.yml). I will add it and see how it goes. Thanks! @JFoxUK
1 Like
Well sadly that didn’t help much! Hmm…..not sure where to go next.
where are you at? Are you able to check your Auth0 logs to see if they surface anything?
I looked at the auth0 logs and see nothing but successes. I also have enabled debug logging on my application and again, nothing interesting there. I believe the redirect uri is incorrect somewhere, but I need to confirm that during the authorization portion of the flow. I say this because when I click on the authorization link on the error page, everything works just fine.
Indeed, this appears to be a Callback URL issue at first sight, quite weird that none of the proposes solutions by @JFoxUK helped regarding the matter.
Could you please share more details about the type of application you are trying to use? Is it a Regular or SPA?
Besides using a custom domain, did you configure anything else for your application or are you trying to test the default authorization flow?
If possible, can you link a github repository with a dummy example of the app or let me know if you are using a sample application? Have you also tried testing the flow using one of our sample apps by any chance?
Kind Regards,
Nik
1 Like
Thank you! Its a Springboot app that started as clone from the default app. I do use a progressive profile after login. Outside of that, I am unaware of any settings that might be producing this behavior.
Locally all works well.
OK i fixed it up. I did the following:
- I added: RequestHeader set X-Forwarded-Proto “https” to apache2.
- Configured my springboot app witht his server configuration:
“server:
forward-headers-strategy: framework”
3. Removed all non https urls in the Callback URI list.
Thank you!
Joaquin
2 Likes
Thanks for letting us know!
It appears that your application was throwing the authorization error due to the due to unsecure headers(http → Mimicking a wrong callback url error).
Glad you could find this and hope to see you around!
Kind Regards,
Nik
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.