POST /continue endpoint after redirect returns 401 Unauthorized

dorquin · September 13, 2020, 2:24am

I have a rule that redirects the user to my domain, this is the rule:
function (user, context, callback) {
const jwt = require(‘jsonwebtoken’);
const token = jwt.sign({
user_id: user.user_id,
email: user.email
}, configuration.sharedSecret, {
audience: ‘http://localhost:8080/auth/redirect_rule’,
issuer: ‘auth0/rule’,
});
context.redirect = {
url: http://localhost:8080/auth/redirect_rule?token=${token}
};
return callback(null, user, context);
}

Some stuff gets added in my backend and then, still in the backend, I POST to the /continue endpoint the status and a JWT in the body as described in Redirect Users from Within Rules to return some data back to the rule.

Example:
URL:
https://MY_OAUTH0_DOMAIN.us.auth0.com/continue?state=g6Fo2SBWdWRwd1Ayd3JYMjJfeVBLOTNRVWZPaE9yWjU5cjZIUKN0aWTZIEhpbDR1UlJLNExZckxMZDBNY3JwUUFiVktDVmtYcEcto2NpZNkgWEpFR2NuRzRRVjNrQmFUc2U4RTRkWkhGanZYZGx0Mm8
Headers:
“Content-Type”, “application/x-www-form-urlencoded”
Body:
token=eyJhb…

Auth0 responds to this call with a 401 status.

One thing I found works is when my backend returns 302 and redirects IMMEDIATELY back to the continue endpoint, however, this doesn’t let me add a body so it doesn’t solve the problem.

Am I missing something here? Thank you.

jmangelo · September 14, 2020, 1:59pm

Would it be possible for you to capture an HTTP trace (HAR), redact any information you deem sensitive and share it here? This could allow a much more detailed review of the situation and also to confirm for sure how exactly the steps are being performed when you experience the error.

dorquin · September 14, 2020, 7:41pm

Hello, @jmangelo, in the end, we opted for a 302 Redirect because it ended up being compatible with our use case. You may close this question.

jiangdev90 · June 3, 2021, 10:46am

Hello. @jmangelo.
I just followed the step from rules/redirect-rules/simple at master · auth0/rules · GitHub
Hosted webtask.js on heroku.
Created rule on Auth Pipeline.
After user sign up, auth0 redirects to the consent form properly.
Once user submits consent form, it switches user to the auth /continue with the state, but I got Unauthorized 401 error.
I tested it works on local environment (ex. localhost:3000), but got Unauthorized error on production environment.

Thank you.

jiangdev90 · June 3, 2021, 9:49pm

I solved.
Wrong auth domain was set.

Topic		Replies	Views
401 Unauthorized error when calling /continue endpoint after a redirect from the rules Knowledge Articles redirect-rules	1	4435	January 13, 2022
Login Redirect /continue endpoint returns 401 Help rules , redirect-rules , redirect	4	3588	March 31, 2023
/continue returning 401 - how to catch that error to redirect the user somewhere else Help rules , redirect-rules , 401	7	4153	April 8, 2022
Redirect rule continue returns unauthorized Help redirect-rules	6	6030	February 16, 2019
Help with Action Redirects Help extensibility , deploy-cli	2	1878	January 8, 2024

POST /continue endpoint after redirect returns 401 Unauthorized

Related Topics