Redirect Uri coming from unknown source

Hi there,

I am using .NET to redirect users to the login page. The code for doing that looks like this:

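    using Auth0.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Cors;
    using Microsoft.AspNetCore.Mvc;

    [ApiController]
    [Route("api/[controller]")]
    public class AccountController : ControllerBase
    {
        [EnableCors("InternalCalls")]
        [HttpGet("Login", Name = "Login")]
        public async Task Login(string returnUrl = "https://.net/select")
        {
            // Build the Auth0 login properties with the requested return URL.
            var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
                .WithRedirectUri(returnUrl)
                .Build();

            // Start the Auth0 login challenge.
            await HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
        }
    }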

Now for some reason, when I hit up the URL to log in, it says “Callback URL mismatch. The provided redirect_uri is not in the list of allowed callback URLs.”

I checked the logs and the redirect_uri is shown as https://.net/callback instead of the aforementioned https://.net/select. I have no idea where this URI is coming from. The code is clearly calling the redirect_uri with the return URL.

Where is this uri coming from?

Hi,

The issue is that redirect_uri is set to https://.net/callback, which is likely your app’s default Auth0 callback URL. The returnUrl (https://.net/select) you’re passing is not used as the redirect_uri directly, but as a parameter to redirect after the callback completes.

Solution:

  • Add https://.net/callback to your Auth0 “Allowed Callback URLs”.
  • If you want to use https://.net/select directly as the redirect_uri, set it explicitly in AuthenticationProperties, and also add it to your allowed callbacks in Auth0.
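
The split the answer describes, as an added example that is not part of the original thread: the redirect_uri sent to Auth0 is derived from `CallbackPath`, while the value given to `WithRedirectUri` is only the post-login destination, and because it arrives from the query string it is checked against an allowlist first. The host `app.example`, the configuration keys, the minimal-API route and the `allowedReturnUrls` set are assumptions.

```csharp
// Added example: Program.cs for an ASP.NET Core app using Auth0.AspNetCore.Authentication.
// Assumes the Web SDK's implicit usings; app.example and the config keys are placeholders.
using Auth0.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuth0WebAppAuthentication(options =>
{
    options.Domain = builder.Configuration["Auth0:Domain"]!;
    options.ClientId = builder.Configuration["Auth0:ClientId"]!;
    // redirect_uri sent to Auth0 = request scheme + host + path base + CallbackPath.
    // "/callback" is the SDK default; that full URL is the one that must appear
    // under "Allowed Callback URLs".
    options.CallbackPath = "/callback";
});

var app = builder.Build();
app.UseAuthentication();

// Constructed allowlist of post-login destinations (scheme + host + path, no query).
const string defaultReturnUrl = "https://app.example/select";
var allowedReturnUrls = new HashSet<string>(StringComparer.Ordinal)
{
    defaultReturnUrl,
};

// Accept only absolute https URLs whose scheme, host and path are on the allowlist.
bool IsAllowedReturnUrl(string? candidate) =>
    Uri.TryCreate(candidate, UriKind.Absolute, out var uri)
    && uri.Scheme == Uri.UriSchemeHttps
    && allowedReturnUrls.Contains(uri.GetLeftPart(UriPartial.Path));

app.MapGet("/api/Account/Login", async (HttpContext http, string? returnUrl) =>
{
    // returnUrl arrives in the query string, so fall back to the default
    // unless it names a known destination.
    var target = IsAllowedReturnUrl(returnUrl) ? returnUrl! : defaultReturnUrl;

    var properties = new LoginAuthenticationPropertiesBuilder()
        .WithRedirectUri(target) // post-login destination, not the OAuth redirect_uri
        .Build();

    await http.ChallengeAsync(Auth0Constants.AuthenticationScheme, properties);
});

app.Run();
```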