Receiving "Bad Request" page after user authenticates

My call back URL is https://.com/callback, and when my users authenticate I get a ‘Bad Request’ string on the page. If one goes to the URL and deletes /callback it then redirects them to my application home page.

I have tried editing my call back URL to https://.com/ and then I recieve and error that says, “https://<my-domain.com/callback” isn’t included in the valid list of call back urls. Any ideas on what I am doing wrong? On my local host I do not get this error.

Hi @michael16,
Welcome to the Auth0 Community!

This sounds like some combination of callback URL mismatches. Can you please record a HAR of the failed transaction and send it to me in a DM?

1 Like

I have the HAR file, not sure how to send it to you via DM, however.

** UPDATE I have received the basic badge and am able to send messages now. I have sent you the HAR file via DM.

@michael16,

Thanks, I’ll take a look at it tomorrow.

1 Like

Hi @michael16,

There is some odd behavior in the HAR you sent me. Can you share how you’ve implemented auth0 in your application?

auth0_config

And what SDK/version?

My app is a node express server.

Let me know the auth module and version

“express-openid-connect”: “^2.5.2”,

Can you try adding the module install code to your app file? Your app should be erroring out if this isn’t present.

const { auth } = require('express-openid-connect');
const { auth, requiresAuth } = require("express-openid-connect")

I do have this line of code at the top of my server.js file.

Great. Everything else you shared looks standard to the node quickstart.

Is there anything else your app is doing? It looks like the profile is returned successfully. after the error.

I did follow the quick start guide and I do not get the bad request page when I run the app from my localhost.

My application does get the bad request page each time a new user logs in for the first time or a existing user logs in with a different client. After the user refreshes the page they no longer get the problem, granted they continue to use the same browser.

The other weird thing too is that you can’t simply use the refresh button, you have to manually place your cursor in the URL box and hit enter.

Here is a screen shot of what the browser shows after the first log in attempt. I have recreated the error in a incognito window.
bad_request

Any more info on how I may resolve this issue? Thank you.

How have you deployed your app when you do get the error?

This sounds like a browser specific issue. Have you tried to see if the error happens in other browsers?

My app is deployed from an EC2 instance on AWS.

Have you tried to see if the error happens in other browsers?

Yes, the error occurs in chrome, brave, firefox and edge.

Ok, I’m not sure if I did anything, but now it looks like I don’t get the error in Firefox or Brave, but it continues in Edge and Chrome.