POST /continue endpoint after redirect returns 401 Unauthorized

I have a rule that redirects the user to my domain. This is the rule:
function (user, context, callback) {
  const jwt = require('jsonwebtoken');
  // Sign the user's identifiers with the secret shared with the backend.
  const token = jwt.sign({
    user_id: user.user_id,
    email: user.email
  }, configuration.sharedSecret, {
    audience: 'http://localhost:8080/auth/redirect_rule',
    issuer: 'auth0/rule',
  });
  // Send the user to the backend with the signed token in the query string.
  context.redirect = {
    url: `http://localhost:8080/auth/redirect_rule?token=${token}`
  };
  return callback(null, user, context);
}

Some stuff gets added in my backend and then, still in the backend, I POST to the /continue endpoint the status and a JWT in the body as described in Redirect Users from Within Rules to return some data back to the rule.

Example:
URL:
https://MY_OAUTH0_DOMAIN.us.auth0.com/continue?state=g6Fo2SBWdWRwd1Ayd3JYMjJfeVBLOTNRVWZPaE9yWjU5cjZIUKN0aWTZIEhpbDR1UlJLNExZckxMZDBNY3JwUUFiVktDVmtYcEcto2NpZNkgWEpFR2NuRzRRVjNrQmFUc2U4RTRkWkhGanZYZGx0Mm8
Headers:
"Content-Type", "application/x-www-form-urlencoded"
Body:
token=eyJhb…

Auth0 responds to this call with a 401 status.

One thing I found works is when my backend returns 302 and redirects IMMEDIATELY back to the continue endpoint; however, this doesn’t let me add a body, so it doesn’t solve the problem.

Am I missing something here? Thank you.

Would it be possible for you to capture an HTTP trace (HAR), redact any information you deem sensitive and share it here? This could allow a much more detailed review of the situation and also to confirm for sure how exactly the steps are being performed when you experience the error.

Hello, @jmangelo, in the end, we opted for a 302 Redirect because it ended up being compatible with our use case. You may close this question.

Hello, @jmangelo.
I just followed the steps from rules/redirect-rules/simple at master · auth0/rules · GitHub
Hosted webtask.js on Heroku.
Created the rule in the Auth Pipeline.
After the user signs up, Auth0 redirects to the consent form properly.
Once the user submits the consent form, it switches the user to the auth /continue with the state, but I got an Unauthorized 401 error.
I tested that it works in a local environment (e.g. localhost:3000), but I got an Unauthorized error in the production environment.

Thank you.

I solved it.
The wrong auth domain was set.
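
The 302 approach mentioned earlier in the thread can still return data to the rule by placing a signed token in the query string next to `state`. The sketch below is an added example, not code from the thread or from Auth0: it verifies the token sent by the rule and builds the redirect back to `/continue`. Assumptions: the helper names are hypothetical, the sample values in any test are constructed, tokens carry an `exp` claim (the rule on this page would need to pass `expiresIn` to `jwt.sign`), the rule reads the result from `context.request.query.token`, and `tenantDomain` is the Auth0 domain that started the login.

```javascript
// Added example (not from the thread). Helper names are hypothetical.
const { createHmac, timingSafeEqual } = require('crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Sign a short-lived HS256 JWT with the secret shared between rule and backend.
function signToken(claims, secret, ttlSeconds = 60) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString('base64url')}`;
}

// Verify structure, algorithm, signature, issuer, audience and expiry; throw on any mismatch.
function verifyToken(token, secret, { issuer, audience }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (claims.iss !== issuer || claims.aud !== audience) throw new Error('wrong iss/aud');
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('expired');
  return claims;
}

// Build the Location header value for the 302 back to /continue on the tenant domain.
function buildContinueRedirect(tenantDomain, state, resultClaims, secret) {
  const url = new URL(`https://${tenantDomain}/continue`);
  url.searchParams.set('state', state);
  url.searchParams.set('token', signToken(resultClaims, secret));
  return url.toString();
}
```

The backend would call `verifyToken` on the `token` query parameter it receives, then answer with a 302 whose `Location` is the value returned by `buildContinueRedirect`, passing through the `state` value it was given.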