Redirect URL doesn't work

yzolotarev · October 6, 2017, 10:16pm

If I log in from my local host environment which is compiled with the auth0.WebAuth object looking like this:

auth0 = new auth0.WebAuth({
     clientID: 'adscsdcascascascasdcsdac',
     domain: 'webatom.auth0.com',
     responseType: 'token id_token',
     audience: 'https://api.webatom.com',
     redirectUri: 'http://localhost:5000/callback',        
     scope: 'openid profile'
 });

I want it to redirect the developer to the localhost.

If I log in (or the user logs in) from the production environemnt ie. from jtrade.pro I want them to be redirected to jtrade.pro/callback. Obviously the object in the production version looks like this (with a different redirect uri):

auth0 = new auth0.WebAuth({
    clientID: 'adscsdcascascascasdcsdac',
    domain: 'webatom.auth0.com',
    responseType: 'token id_token',
    audience: 'https://api.webatom.com',
    redirectUri: 'http://jtrade.pro/callback',        
    scope: 'openid profile'
});

As far as I understood, thats how you do it. Pass the uri and you will be redirected to the required page if the uri is whitelisted and comma separated in the client settings. Beautifull, I whitelisted and comma separated.

Last step, the hosted page.

var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
  auth: {
    redirectUrl:  config.callbackURL,
    responseType: 'token',
    params: config.internalOptions
  }

Redirect URL is set to config.callbackURL which is as far as I understood makes auth0 look into the whitelist and see if one of the provided uri is there and redirect the user if it is.

However, this doesn’t happen. Auth0 only redirects the user to the first uri in the whitelist. I can’t find a suitable solution for this issue. Hopefully someone ran into this situation as well.

jmangelo · October 9, 2017, 5:34pm

I took a quick look at the environment you linked to and the login action is being performed through an hardcoded URL similar to this:

<a href="https://[your_domain].auth0.com/login?client=yOqKcx...">Login</a>

There are a few thing wrong with doing the above, in particular:

you MUST NOT be navigating your end-users directly to /login endpoint; you SHOULD navigate to the /authorize endpoint instead.
you MUST include more parameters than just the client identifier when you navigate to the appropriate endpoint. In particular, if you want to use a specific redirect URL then you need to include the parameter.

You can quickly meet the above requirements if you use the SDK authorize method instead of using a simple anchor pointing to an URL. You already seem to be configuring the Auth0.js library instance correctly so you should just update the code to handle the login as a button click and then call the appropriate method.

yzolotarev · October 16, 2017, 6:15pm

Thank you, I totally forgot about this.

yzolotarev · October 16, 2017, 6:15pm

Thank you, I totally forgot about this.

Topic		Replies	Views
Always redirected to homepage post authentication - Expressjs - express-openid-connect Help openid	10	7477	June 2, 2020
Unable to redirect for OAuth 2.0 transaction Help redirect	2	3414	May 25, 2022
How to configure Auth0 application to redirect to a specific URL after login? Help auth0 , login , settings	6	18113	August 31, 2022
Redirect to a different page Help login-experience , new-universal-login-experience	2	1035	April 8, 2023
Redirect_uri seems to be wrong Help auth0	6	10243	February 9, 2022

Redirect URL doesn't work

Related Topics