User is successfully authenticated and redirected back to https://app1.domain.com
User clicks on https://app2.domain.com, browser redirects user. Since user is already authenticated, user lands on protected page
Results:
When user lands on protected page in https://app1.domain.com, user is redirected to error page with the following error message: unauthorized_client : Callback URL mismatch. https://tapp1.domain.com/api/auth/callback is not in the list of allowed callback URLs
For each of your applications in the Auth0 tenant, there is a need to set the callback URLs pointing back to the specific application URL. (It still means they all have the same Login page.)
As an example, if you want to let your users log in to https://app1.domain.com, once they are authenticated by the Auth0 server, they will be redirected to this application, so the callback URL must be https://app1.domain.com.
Thank you so much for your response, that makes sense. I am just a bit lost in terms of how I force users of https://app1.domain.com to redirect to https://auth.domain.com? Do I need to configure the Tenant Login URI to point to the auth app?
Once you’ve registered apps on your Auth0 tenant, you can start building the integration on your app stack level, optionally leveraging Auth0-supported libraries that, among others, build the required routes for the authentication. For your run environment, providing Auth0 configuration variables, like the Auth0 domain (and a few others), is required.
I encourage you to review the documentation for your specific use case. Here’s an example on how to do so step by step for a regular node js web app with Express framework, utilising the express-openid-connect package.
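
The "Callback URL mismatch" error discussed in this thread can be caught before deployment. The following is an added example, not code from the thread or from Auth0: it compares the callback each application will send against that application's registered callback list. The inventory format and function names are hypothetical, and it assumes the server requires an exact match (wildcards are not modelled).

```javascript
// Added example. Assumption: a redirect_uri is accepted only if it exactly
// matches a registered callback entry (wildcard entries are not modelled).
const CALLBACK_PATH = '/api/auth/callback'; // path seen in the thread's error message

// Canonical form for comparison: origin (scheme, host, port) plus path,
// with query and fragment dropped. Rejects non-http(s) schemes.
function canonical(url) {
  const u = new URL(url);
  if (u.protocol !== 'https:' && u.protocol !== 'http:') {
    throw new Error(`unsupported scheme ${u.protocol}`);
  }
  return u.origin + u.pathname;
}

// The redirect_uri an app served at baseURL will send.
function callbackFor(baseURL, callbackPath = CALLBACK_PATH) {
  return canonical(new URL(callbackPath, baseURL).href);
}

// apps: [{ name, baseURL, allowedCallbacks }] (hypothetical inventory format).
function checkApps(apps) {
  return apps.map(({ name, baseURL, allowedCallbacks }) => {
    const callback = callbackFor(baseURL);
    const problems = [];
    if (!callback.startsWith('https://')) problems.push('callback is not https');
    const allowed = [];
    for (const entry of allowedCallbacks) {
      try { allowed.push(canonical(entry)); }
      catch (e) { problems.push(`bad allow-list entry "${entry}": ${e.message}`); }
    }
    if (!allowed.includes(callback)) {
      problems.push(`${callback} is not in the allowed callback URLs`);
    }
    return { name, callback, ok: problems.length === 0, problems };
  });
}

// Constructed sample inventory, using the hostnames from the thread.
const sampleApps = [
  { name: 'app1', baseURL: 'https://app1.domain.com',
    allowedCallbacks: ['https://auth.domain.com/api/auth/callback'] },
  { name: 'app2', baseURL: 'https://app2.domain.com/',
    allowedCallbacks: ['https://app2.domain.com/api/auth/callback'] },
];

for (const r of checkApps(sampleApps)) {
  console.log(r.name, r.ok ? 'OK' : 'MISMATCH', r.problems.join('; '));
}
```

In the sample, app1 fails because only the shared login host is registered for it, while app2 passes because its own callback is listed.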