POST /continue endpoint after redirect returns 401 Unauthorized

I have a rule that redirects the user to my domain. This is the rule:

```js
function (user, context, callback) {
  const jwt = require('jsonwebtoken');
  // Sign a token carrying the user's identity for the redirect target
  const token = jwt.sign({
    user_id: user.user_id,
    email: user.email
  }, configuration.sharedSecret, {
    audience: 'http://localhost:8080/auth/redirect_rule',
    issuer: 'auth0/rule',
  });
  // Send the user to the backend with the token in the query string
  context.redirect = {
    url: `http://localhost:8080/auth/redirect_rule?token=${token}`
  };
  return callback(null, user, context);
}
```

Some stuff gets added in my backend and then, still in the backend, I POST to the /continue endpoint the status and a JWT in the body as described in https://auth0.com/docs/rules/redirect-users to return some data back to the rule.

Example:
URL:
https://MY_OAUTH0_DOMAIN.us.auth0.com/continue?state=g6Fo2SBWdWRwd1Ayd3JYMjJfeVBLOTNRVWZPaE9yWjU5cjZIUKN0aWTZIEhpbDR1UlJLNExZckxMZDBNY3JwUUFiVktDVmtYcEcto2NpZNkgWEpFR2NuRzRRVjNrQmFUc2U4RTRkWkhGanZYZGx0Mm8
Headers:
“Content-Type”, “application/x-www-form-urlencoded”
Body:
token=eyJhb…

Auth0 responds to this call with a 401 status.

One thing I found works is when my backend returns 302 and redirects IMMEDIATELY back to the continue endpoint; however, this doesn’t let me add a body, so it doesn’t solve the problem.

Am I missing something here? Thank you.

Would it be possible for you to capture an HTTP trace (HAR), redact any information you deem sensitive and share it here? This could allow a much more detailed review of the situation and also to confirm for sure how exactly the steps are being performed when you experience the error.

Hello, @jmangelo, in the end, we opted for a 302 Redirect because it ended up being compatible with our use case. You may close this question.
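
An added example, not part of the thread and not Auth0's own code: one way the backend at the redirect target could verify the token the rule signs before acting on it, then build the 302 location back to `/continue`. The function names, the `maxAgeSec` window and the sample values are assumptions; HS256 and the `iat` claim are what `jsonwebtoken` produces by default for the `jwt.sign` call in the rule.

```javascript
// Added example; function names and sample values are hypothetical.
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Test helper only: builds a token shaped like the one the rule signs.
function signForDemo(claims, secret, alg = 'HS256') {
  const body = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${hmac(body, secret).toString('base64url')}`;
}

function verifyRuleToken(token, secret, { audience, issuer, maxAgeSec = 300, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm; never let the token header choose it.
  if (dec(h).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = dec(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  // The rule sets no expiresIn, so bound token age by iat instead.
  if (typeof claims.iat !== 'number' || now - claims.iat > maxAgeSec) throw new Error('stale token');
  if (typeof claims.exp === 'number' && claims.exp <= now) throw new Error('expired');
  return claims;
}

// Location for the 302 that sends the browser back to resume the login.
function continueUrl(auth0Domain, state) {
  return `https://${auth0Domain}/continue?state=${encodeURIComponent(state)}`;
}
```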