Redirect_uri seems to be wrong

Hi, please see the application I have set up in the "Salesforce OpenId Connect 2" app for authenticating users logging in from the Salesforce application.

I have created an Auth Provider in Salesforce, and since I have communities enabled, the callback URL I have put in the “Allowed Callback URLs” of the Auth0 app is
https://linkedin-customer-developer-edition.na85.force.com/css/services/authcallback/Auth0
I added Auth0 to my community login page, but whenever I click on Auth0 I always get my redirect_uri as
https://login.salesforce.com/services/authcallback/00D1U000000DiuWUAS/Auth0
Even if I put http://localhost:3000, it is still login.salesforce.com.

Can someone please help me find out where the redirect_uri is picked up from?

For your reference,

https://dev-2xjf75by.us.auth0.com/authorize?response_type=code&client_id=spqKYK1nHx6bnD4TFtjCDlo9wJBcUfld&
redirect_uri=Problem Logging In | Salesforce

Hi @arup.sarkar,

Thanks for reaching out to the Auth0 Community!

I have just taken a look at your Salesforce OpenId Connect 2 Regular Web App and found nothing wrong with the configuration. The Allowed Callback URL is the same one you provided in your post.

Next, when looking closely at your /authorize request, I noticed that the issue is with the redirect_uri that you have used.

Specifically, it is referencing redirect_uri=https://login.salesforce.com/services/authcallback/00D1U000000DiuWUAS/Auth0.

In this case, I recommend you change the redirect_uri in your /authorize request to the same Callback URL that you are expecting from your app: redirect_uri=https://linkedin-customer-developer-edition.na85.force.com/css/services/authcallback/Auth0.

After making this change, your application will redirect your users to the correct URL.

For more information, please read our Redirect Users documentation.

Please don’t hesitate to let me know if there’s anything else I can do to help.

Thank you.

Thank you @rueben.tiow,

Where do I change the redirect_uri to point to the right one? I thought that the allowed callback URL would be the redirect_uri. Can you please point me to the application settings for the redirect URI?

Thank you

Hi @arup.sarkar,

Thank you for your response.

The redirect_uri is configured in your app’s code. In your initial post, you shared your /authorize request performing an authorization code flow. In this case, you will have to modify the request in your code to look like the following:

https://dev-2xjf75by.us.auth0.com/authorize?
    response_type=code&
    client_id=spqKYK1nHx6bnD4TFtjCDlo9wJBcUfld&
    redirect_uri=https://linkedin-customer-developer-edition.na85.force.com/css/services/authcallback/Auth0&
    scope=openid+profile+email&
    state=CAAAAX4sAzLjMDAwMDAwMDAwMDAwMDAwAAAA6pfjIVoMHjMEYyltK42-pdhuC4PrkLsBTwo5xyvlJMrrziiOvgNaNKM3H5w6Wsk4nszdwg02rsqHVg-zvBNnMH523VzfjomnmUCbz9IjBpjqRHHtXJoHE37MQwcfOhAgA2Qb7kKRq-AIZrwk0ty4871dK0B5U50MACU0kBo9vZ5oUEo83BsBBfqGskI_kjA0lMMfAEF7IlsNetl9P46itP5FcyACtIO8XQQ8XHUF73balBkc3Sy-CmYrlTWbmgK_w6FcNMl7i9SxrU6Yf9DZ-n0iDjpTRNjsX1PRHeS5iMww8kT6qkbc_oNZwQBJM-m4f9x8uY8st5FepFaIsmvybU4ymwQSP0qY3INQOZ1mb_BH

You can also test the login by copying and pasting the URL above in a web browser. You will notice that the user gets redirected to the correct redirect_uri after successfully logging in.

Please let me know how this goes for you.

Thanks.

Hi @rueben.tiow, I modified my code as you mentioned. Also created a brand new Customer Web App in Auth0 for this POC.

I actually developed a SPA using

"@auth0/auth0-spa-js": "^1.19.4"
Putting in the essential code pieces

const isAuthenticated = await auth0.isAuthenticated()
const options = {
    redirect_uri: 'http://localhost:3000'
}

await auth0.loginWithRedirect(options)

Problem 1: My isAuthenticated is always false, and I believe the reason being I am NOT redirected to the URL I have configured in my app’s Allowed Callback URL which is http://localhost:3000

After the auth0 interface pops up for login, I am always getting the following URL
http://localhost:3000/?code=abcd&state=1234abc
I have updated the code and state.

Q) Why am I not redirected to http://localhost:3000?

Hi @arup.sarkar,

Thank you for your response.

Based on the URL you shared, you were redirected to http://localhost:3000 successfully. The code and state parameters are expected as part of the response. You can see an example of it here.

Note that if the redirect_uri in your request does not match one of the Allowed Callback URLs on your application settings, you will get an error.

With that said, the http://localhost:3000/?code=abcd&state=1234abc response URL is correct and to be expected.

The next step is to request the tokens using the code you obtained.

Hope this helps!

Thanks.
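
Added example, not part of any post in this thread and not Auth0 or Salesforce code: a JavaScript sketch of the two points the replies make, that the redirect_uri sent in the /authorize request must be one of the Allowed Callback URLs, and that the callback then carries code and state. The tenant domain, client ID, function names and the exact-match comparison are assumptions made for illustration.

```javascript
// Constructed sample values; replace with your own application's settings.
const ALLOWED_CALLBACKS = ["http://localhost:3000"]; // mirrors "Allowed Callback URLs"

// Assumption: the allowlist is compared by exact string match (a simplification).
function isAllowedRedirect(redirectUri, allowed = ALLOWED_CALLBACKS) {
  return allowed.includes(redirectUri);
}

// Build the authorization code request. The redirect_uri placed here, not the
// allowlist, decides where the user is sent back; the allowlist only permits it.
function buildAuthorizeUrl({ domain, clientId, redirectUri, state }) {
  if (!isAllowedRedirect(redirectUri)) {
    throw new Error(`redirect_uri not in Allowed Callback URLs: ${redirectUri}`);
  }
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid profile email",
    state, // caller generates an unguessable value and stores it for the session
  }).toString();
  return url.toString();
}

// Parse the URL the browser lands on after login. A "?code=...&state=..." query
// is the expected success response; the state must equal the one that was sent.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has("error")) {
    return { ok: false, reason: params.get("error") };
  }
  const code = params.get("code");
  const state = params.get("state");
  if (!code || !state) return { ok: false, reason: "missing code or state" };
  if (state !== expectedState) return { ok: false, reason: "state mismatch" };
  return { ok: true, code }; // next step: exchange the code for tokens
}
```

Rejecting a callback whose state does not match the stored value stops a code issued for someone else's login from being accepted by this session.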
