I have been trying to follow this:
https://auth0.com/docs/users/redirecting-users#redirect-users-to-a-non-callback-url
The options for Lock v11 are:

    var authOptions = {
        allowSignUp: false,
        rememberLastLogin: false,
        avatar: null,
        closable: false,
        autoclose: true,
        //container: 'hiw-login-container',
        languageDictionary: {
            title: 'Welcome',
            usernameOrEmailInputPlaceholder: 'your email'
        },
        sso: true,
        auth: {
            params: {
                scope: 'openid offline_access nameidentifier',
            },
        }
    };

To handle non-callback URLs, I store them beforehand in localStorage and, after authentication is successful, redirect the user.
Something like:

    lock.on('authenticated', function (authResult) {
        sessionService.setInitialLogin();
        tokenService.setToken(authResult.idToken);
        tokenService.setRefreshToken(authResult.refreshToken);
        authManager.authenticate();
        lock.getProfile(authResult.accessToken, function (error, profile) {
            if (error) {
                loginFailed();
                console.log(error);
                return; // no profile was loaded, so do not fall through to the redirect
            }
            // more stuff...
            // getItem() returns null when nothing was stored, so test for a real value
            var redirectUrl = localStorage.getItem(APP_CONFIG.redirectUrl);
            if (redirectUrl && redirectUrl !== 'undefined') {
                $window.location.href = redirectUrl;
            }
        });
    });

But whenever the user puts in a non-callback URL, the lock gets displayed, the user logs in, and the https://<client>.auth0.com/authorize? call has the redirect_uri set to the non-callback URL.
This results in the standard "Callback URL mismatch" error.
How do I resolve this?
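
An added example (not part of the original post and not Auth0's code) of the store-then-redirect pattern described above, with `redirect_uri` pinned to one registered callback through Lock's `auth.redirectUrl` option and the stored target checked to be same-origin before navigating. `CALLBACK_PATH`, `RETURN_KEY`, the function names and the `app.example.com` origin used to exercise it are assumptions.

```javascript
// Added example. CALLBACK_PATH and RETURN_KEY are assumed names, not from the post.
const CALLBACK_PATH = '/callback';      // assumption: the single URL listed in Allowed Callback URLs
const RETURN_KEY = 'postLoginReturnTo'; // assumption: storage key for the page the user asked for

// Lock options: send the registered callback as redirect_uri, not the current page.
function buildAuthOptions(origin) {
  return {
    auth: {
      redirectUrl: origin + CALLBACK_PATH,
      params: { scope: 'openid offline_access nameidentifier' }
    }
  };
}

// Before showing Lock: remember where the user was headed (path only, never a full URL).
function rememberTarget(storage, location) {
  storage.setItem(RETURN_KEY, location.pathname + location.search + location.hash);
}

// After 'authenticated': return a same-origin URL to navigate to, or the fallback.
function resolveReturnUrl(storage, origin, fallback) {
  const stored = storage.getItem(RETURN_KEY);
  storage.removeItem(RETURN_KEY); // one-shot: a stale target is never reused
  if (!stored || stored === 'undefined') return fallback;
  // Accept only a plain absolute path; rejects "//host", "/\host" and "scheme:" values.
  if (!/^\/(?![\/\\])/.test(stored)) return fallback;
  let url;
  try { url = new URL(stored, origin); } catch (e) { return fallback; }
  // The URL parser drops tabs and newlines, so compare the parsed origin as well.
  return url.origin === origin ? url.href : fallback;
}

// Constructed in-memory stand-in for window.localStorage so this runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); }
  };
}
```

In the browser, pass `window.localStorage` and `window.location.origin`, and assign the result of `resolveReturnUrl` to `$window.location.href` inside the `authenticated` handler.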