Receiving Callback URL Mismatch

dwood · December 29, 2025, 8:23pm

For our dev 1 environment, we’ve added the domain (example domain) to the list of allowed callbacks below and auth0 is treating the url like its not allowed. The url has periods in it, not sure if auth0 accepts its format or there is another issue at hand.

https://test-app.apps.rosa.cpg-rosa-poc.1234.p4.openshiftapps.com/auth/jwt_callback

gerald.czifra · December 29, 2025, 10:00pm

Hi @dwood

Thank you for reaching out to us!

Reading through your use-case, allow me to outline some of the more common reasons why this issue might be occurring on your end:

Auth0 is performing a literal string match, if your application is sending .../auth/jwt_callback/, but your dashboard has .../auth/jwt_callback set ( notice the trailing slash at the end), it creates a string mismatch and fails;
Depending on your environment, your application might be dynamically generating the redirect URL based on the headers and could be passing http instead of https.

My recommendation is to look at details of the error message received on your browser by clicking on " See details for more info" which will display the exact redirect_uri that Auth0 receives. You can copy this value and paste it in your application’s Allowed Callback URLs field; please keep in mind that multiple entries need to be comma separated.

In addition, please make sure that your application is not behind a proxy that could be stripping the https protocol before reaching Auth0, as this might also be changing the inbound redirect URL.

Allow me to share some useful documentations that could further assist troubleshoot the issue:

Please do not hesitate to reach out to us for any other issues or request.

Hope this helped, wishing you a great end of the year!
Gerald

dwood · December 29, 2025, 10:31pm

{
  "date": "2025-12-23T20:46:02.334Z",
  "type": "f",
  "description": "Callback URL mismatch. https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback is not in the list of allowed callback URLs",
  "connection_id": "",
  "client_id": "Fy...",
  "ip": ".....",
  "user_agent": "Chrome 142.0.0 / Mac OS X 10.15.7",
  "details": {
    "body": {},
    "qs": {
      "audience": "my-api-dev1",
      "client_id": "Fy....",
      "redirect_uri": "https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback",
      "response_type": "code",
      "scope": "offline_access"
    },
    "error": {
      "message": "Callback URL mismatch. https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback is not in the list of allowed callback URLs",
      "oauthError": "Callback URL mismatch. https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback is not in the list of allowed callback URLs. Please go to 'https://manage.auth0.com/#/applications/Fy..../settings' and make sure you are sending the same callback url from your application.",
      "payload": {
        "message": "Callback URL mismatch. https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback is not in the list of allowed callback URLs",
        "code": "unauthorized_client",
        "status": 403,
        "name": "CallbackMismatchError",
        "authorized": [
          "https://samltool.io/",
          "http://localhost:3000",
          "https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback"
        ],
        "attempt": "https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback",
        "client": {
          "clientID": "F...."
        }
      },
      "type": "callback-url-mismatch"
    },
    "session_id": "...."
  },
  "hostname": "my-dev1.us.auth0.com",
  "$event_schema": {
    "version": "1.0.0"
  },
  "environment_name": "prod-us-3",
  "log_id": ".....",
  "tenant_name": "my-dev1",
  "_id": ".....",
  "isMobile": false,
  "location_info": {},
  "id": "....."
}

gerald.czifra · December 30, 2025, 1:07am

Hi @dwood

Thank you for sharing the error message!

Looking at the details, I can see that the URL from the error message is not identical as the one that you initially shared. Not sure if this has been done to redact some information, but if this is not the case, I suggest adding the following URL in the allowed list as well and see if this fixes the issue :

https://test-app-openshift-gitops.apps.rosa.cpg-rosa-poc.8444.p4.openshiftapps.com/auth/jwt_callback

You can add both of these to the Allowed list, you will only need to separate them with a comma.

Let me know if this worked!

Best regards,
Gerald

system · January 13, 2026, 1:07am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Callback URL mismatch. "is not in the list of allowed callback URLs" Get Help auth0	2	41142	February 23, 2022
Callback urls Get Help callback-urls , callbacks	4	9231	March 2, 2018
Callback URI only working on localhost Get Help login-experience , signup-prompt-new-experience	0	1183	January 25, 2023
Callback URL uses http instead of https Get Help connections , passwordless-email-connection	5	4208	February 1, 2023
Callback URL mismatch (suddenly and seemingly inexplicably in localhost) Get Help callback-urls , callback	3	15263	July 19, 2019

Receiving Callback URL Mismatch

Related topics