Hello all,
I’m currently in the process of creating a B2B SaaS application that requires each customer to have a separate tenant which is an entirely separate server.
I’m running an Apache server to host the front-end that passes API calls back to a Node backend.
My Apache mod_auth_openidc configuration is below:
OIDCProviderMetadataURL https://[MY DOMAIN].us.auth0.com/.well-known/openid-configuration
OIDCClientID ${APACHE_OIDC_CLIENT_ID}
OIDCClientSecret ${APACHE_OIDC_CLIENT_SECRET}
OIDCScope "openid name email"
OIDCRedirectURI "https://[CLIENT].[PRODUCT NAME].com/redirect-uri"
OIDCCryptoPassphrase ${APACHE_OIDC_CRYPTO_PASSPHRASE}
I have “https://{organization_name}.[PRODUCT NAME].com/redirect-uri” specified as a valid callback in Auth0, yet when I try to log in I get the following error:
Callback URL mismatch.
The provided redirect_uri is not in the list of allowed callback URLs.
Please go to the Application Settings page and make sure you are sending a valid callback url from your application.
However, when I hardcode the subdomain for the client in as an allowed redirect URI, https://[CLIENT].[PRODUCT].com/redirect-uri, then it works; however, it works for ALL users in my Auth0 domain, not just the ones that are part of the target organization.
Any help would be greatly appreciated, thank you!
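An added example, not part of the original post: a per-tenant check the Node backend could run so that a login valid for the Auth0 domain is still rejected when it does not belong to the tenant's organization. It compares the `org_id` claim that Auth0 places in tokens issued for an organization login against the organization expected for the request's subdomain. Assumptions: the claims come from an ID token already verified upstream, and `BASE_DOMAIN`, `TENANT_ORGS` and the `org_PLACEHOLDER...` IDs are constructed values.

```javascript
// Constructed mapping: tenant subdomain -> Auth0 organization ID (placeholder values).
const TENANT_ORGS = new Map([
  ["acme", "org_PLACEHOLDERacme"],
  ["globex", "org_PLACEHOLDERglobex"],
]);
// Stands in for [PRODUCT NAME].com from the post (assumption).
const BASE_DOMAIN = "product.example";

// Extract the single tenant label from a Host header, or null if the host
// is not exactly <label>.<BASE_DOMAIN> (port and trailing dot tolerated).
function tenantFromHost(hostHeader) {
  if (typeof hostHeader !== "string") return null;
  const host = hostHeader.trim().toLowerCase()
    .replace(/:\d+$/, "")
    .replace(/\.$/, "");
  const suffix = "." + BASE_DOMAIN;
  if (!host.endsWith(suffix)) return null;
  const label = host.slice(0, -suffix.length);
  // One DNS label only, so "a.b.product.example" is rejected.
  return /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(label) ? label : null;
}

// Decide whether already-verified token claims may access the tenant that
// the request's Host header points at. Fails closed on every gap.
function checkTenantAccess(hostHeader, claims) {
  const tenant = tenantFromHost(hostHeader);
  if (!tenant) return { allowed: false, reason: "unknown_host" };
  const expectedOrg = TENANT_ORGS.get(tenant);
  if (!expectedOrg) return { allowed: false, reason: "unknown_tenant" };
  const orgId = claims ? claims.org_id : undefined;
  if (typeof orgId !== "string" || orgId === "") {
    // Token was not issued for an organization login.
    return { allowed: false, reason: "missing_org_id" };
  }
  if (orgId !== expectedOrg) return { allowed: false, reason: "org_mismatch" };
  return { allowed: true, reason: "ok", tenant };
}
```

The `reason` values are suitable for logging, so repeated `org_mismatch` or `missing_org_id` results on one tenant host stand out in review.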