Hi @dwood
Thank you for reaching out to us!
Reading through your use-case, allow me to outline some of the more common reasons why this issue might be occurring on your end:
- Auth0 is performing a literal string match, if your application is sending .../auth/jwt_callback/, but your dashboard has .../auth/jwt_callback set (notice the trailing slash at the end), it creates a string mismatch and fails;
- Depending on your environment, your application might be dynamically generating the redirect URL based on the headers and could be passing http instead of https.
My recommendation is to look at the details of the error message received in your browser by clicking on "See details for more info", which will display the exact redirect_uri that Auth0 receives. You can copy this value and paste it in your application’s Allowed Callback URLs field; please keep in mind that multiple entries need to be comma separated.
In addition, please make sure that your application is not behind a proxy that could be stripping the https protocol before reaching Auth0, as this might also be changing the inbound redirect URL.
Allow me to share some useful documentation that could further assist in troubleshooting the issue:
- Redirect Users;
- Callback URL Mismatch Error “{URL} is not in the list of allowed callback URLs”;
- Invalid Callback URL when Using SAML Flow;
- Callback URL mismatch error for local dev;
- Callback mismatch and wrong redirect_uri.
Please do not hesitate to reach out to us for any other issues or requests.
Hope this helped, wishing you a great end of the year!
Gerald
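
An added example, not part of the reply above and not Auth0's own code: a local check that models the literal string comparison the reply describes and reports which of the causes it lists (trailing slash, http versus https) explains a rejected redirect_uri. The function names, the host app.example.test and the sample field value are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def parse_allowed(field):
    """Split the comma-separated Allowed Callback URLs value into entries."""
    return [entry.strip() for entry in field.split(",") if entry.strip()]


def diagnose(redirect_uri, allowed_field):
    """Return [] on an exact match, else the likely reasons for the mismatch."""
    allowed = parse_allowed(allowed_field)
    if redirect_uri in allowed:  # literal, character-for-character comparison
        return []
    sent = urlsplit(redirect_uri)
    reasons = []
    for entry in allowed:
        cand = urlsplit(entry)
        if sent.netloc.lower() != cand.netloc.lower():
            continue  # different host: not a near miss worth reporting
        if sent.scheme != cand.scheme:
            reasons.append(f"scheme: sent {sent.scheme}, allowed {cand.scheme} ({entry})")
        if sent.path != cand.path:
            if sent.path.rstrip("/") == cand.path.rstrip("/"):
                reasons.append(f"trailing slash: sent {sent.path}, allowed {cand.path}")
            else:
                reasons.append(f"path: sent {sent.path}, allowed {cand.path}")
        if sent.netloc != cand.netloc:
            reasons.append(f"host letter case: sent {sent.netloc}, allowed {cand.netloc}")
    return reasons or ["no close entry found; copy the exact redirect_uri into the field"]


# Constructed sample values (app.example.test is a placeholder host).
ALLOWED = ("https://app.example.test/auth/jwt_callback, "
           "http://localhost:3000/auth/jwt_callback")

if __name__ == "__main__":
    for uri in ("https://app.example.test/auth/jwt_callback",
                "https://app.example.test/auth/jwt_callback/",
                "http://app.example.test/auth/jwt_callback"):
        print(uri, "->", diagnose(uri, ALLOWED) or "match")
```

Feed it the redirect_uri shown in the error details and the current contents of the Allowed Callback URLs field; an http result on a site served over https points at the header or proxy handling mentioned in the reply.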