Redirect to native application after successful device flow

Overview: During the user sign-up / sign-in (authentication) workflow which originates in a native (mobile) application, the user is redirected to a web browser and when the authentication is complete, the user is redirected to the native application. We are making use of the device flow, and we would like a similar experience for the user where after confirming the device code, the user is redirected to the native application. Is it possible to redirect users to the native application after a successful device flow?

Background: Based upon the discussion here, we believe that this should be possible. We know that this should be implemented as an Action rather than a Rule, but are implementing a Rule at this time as a proof of concept (translation from the Rule to the Action is straightforward enough based upon the documentation and other discussions in the community). We have implemented the following Rule in our Auth0 tenant, using the same callback as was established for the authentication workflow:

function (user, context, callback) {
   if (context.protocol === 'oauth2-device-code') {
          context.redirect = {
      url: ''
   callback(null, user, context);

Problem: When executing the device flow, the native application does not complete the device flow and instead shows the following in the browser: Invalid redirect URL

We’re probably missing something obvious here - any direction, documentation, or advice would be appreciated.



  1. The authorization workflow makes use of a query string parameter to redirect the user after authorization, in the format &
  2. The limitations to the device flow state that query string parameters cannot “be accessed from hosted login page or rules”.

Assuming that the “hosted login page” is the browser page visited by the user on their smartphone or computer, it would appear that we cannot make use of a redirect URL within a request to ensure that the device flow returns the user to the originating application. Furthermore, the redirect rule referenced above is inserted within the device flow, not at the end of the flow as desired.

Is there an Auth0 action we can use to redirect the user after the device flow is complete? Or can someone confirm whether or not this behavior is supported by Auth0?