In our Application URIs settings, I am not sure why our domain’s URL only works with HTTP and not HTTPS.
Previously, when using HTTPS, https://canpersonalitychange.com, Auth0 would throw the Callback URL Mismatch. error and complain that the callback URL was set to http://canpersonalitychange.com.
Even after changing the callback and logout URLs to use HTTPS, and the AUTH0_BASE_URL to also use HTTPS, the application logs would still say that http://canpersonalitychange.com was being used.
Even more strange, after I changed the callback and logout URLs to be something completely different, Auth0 would still throw the Callback URL Mismatch. error and in the logs I would see that the URL http://canpersonalitychange.com was incorrectly being used.
Thus, I am not sure how to resolve this issue given that Auth0 only seems to use the HTTP URL, http://canpersonalitychange.com, and not the HTTPS URL, even after I reconfigure my callback URL and logout URL to use https://canpersonalitychange.com.
Thank you for posting regarding the issue that you are facing with your callback URLs.
I am sorry about the late reply to your inquiry.
As far as I have checked on your tenant, the Allowed Callback URLs and Allow Login URLs still seem to be under http:// instead of https://.
You can also check that your login request does not parse a different URL for the redirect_uri than the one expected in the Callback URL. I recommend checking your /authorize request, specifically the redirect_uri query parameter, to make sure the URL points to the URL specified in your Allowed Callback URLs of your Application’s settings.
As an alternative, you can attempt to force the HTTPS as follows:
Otherwise, if you are still facing issues with your page being redirected to the wrong URL while using custom domains, please review this Knowledge Article regarding possible issues with certificates.
If you are still having an issue or any other questions, feel free to reply back to this post.
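The redirect_uri check suggested in the reply above, as an added example that is not part of the original posts: it pulls redirect_uri out of a captured /authorize URL and reports how it differs from the Allowed Callback URLs. The tenant host, client ID and callback path are constructed sample values, and exact string comparison with no wildcard entries is an assumption.

```javascript
// Constructed sample of a captured login request (copy the real one from the
// browser's network tab). Tenant host, client_id and callback path are made up.
const SAMPLE_AUTHORIZE_URL =
  "https://example-tenant.auth0.com/authorize?response_type=code" +
  "&client_id=CONSTRUCTED_CLIENT_ID" +
  "&redirect_uri=http%3A%2F%2Fcanpersonalitychange.com%2Fapi%2Fauth%2Fcallback" +
  "&scope=openid";
// Constructed sample of the application's Allowed Callback URLs setting.
const SAMPLE_ALLOWED = ["https://canpersonalitychange.com/api/auth/callback"];

// Assumption: entries are absolute URLs compared as exact strings (no wildcards).
function diagnoseRedirectUri(authorizeUrl, allowedCallbacks) {
  // searchParams.get() percent-decodes the value for us.
  const raw = new URL(authorizeUrl).searchParams.get("redirect_uri");
  if (!raw) return { redirectUri: null, status: "missing" };

  let sent;
  try {
    sent = new URL(raw);
  } catch {
    return { redirectUri: raw, status: "not-absolute-url" };
  }
  if (allowedCallbacks.includes(raw)) return { redirectUri: raw, status: "match" };

  for (const entry of allowedCallbacks) {
    const allowed = new URL(entry);
    // Same after URL normalisation but not as strings, e.g. a trailing slash.
    if (allowed.href === sent.href) {
      return { redirectUri: raw, status: "formatting-mismatch", expected: entry };
    }
    const sameRest = allowed.host === sent.host &&
      allowed.pathname === sent.pathname && allowed.search === sent.search;
    // Everything matches except http vs https: the application built its
    // callback from an http:// base URL, so the fix is on the application side.
    if (sameRest && allowed.protocol !== sent.protocol) {
      return { redirectUri: raw, status: "scheme-mismatch", expected: entry };
    }
  }
  return { redirectUri: raw, status: "no-match" };
}

console.log(diagnoseRedirectUri(SAMPLE_AUTHORIZE_URL, SAMPLE_ALLOWED));
```

A `scheme-mismatch` result means the dashboard entry is fine and the application is still generating an http:// redirect_uri.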