Svelte authentication over network

I have gone through “Authenticating Svelte Applications” in blogs. I set up an auth0 account and it works.
My setup is a linux VM running on a windows host. I have changed package.json so that it is available from the host browser as well as localhost.
If I set callback_url’s etc to localhost:5000 then it works with localhost but from the PC, I get
Uncaught (in promise) Error:
auth0-spa-js must run on a secure origin.
when I try to login.
If I set callback_urls etc to VM_name:5000 then locally I get
Callback URL mismatch.
The provided redirect_uri is not in the list of allowed callback URLs.

What am I doing wrong? (I would have raised this on the blog discssion but that was closed after 28 days)

Welcome to the Auth0 Community, @johnnorris-10!

This behaviour seems related to auth0-spa-js/ at master · auth0/auth0-spa-js · GitHub

The problem is Web Cryptography API requires a secure origin. As you can see, for some browsers (not all of them, but Chrome is probably the most notorious), you are not following at least one of the patterns mentioned in the documentation above. This means that for Chrome, you are not running your application from a secure origin. There’s a good conversation on this here: Please require a secure origin (Bug 25972) · Issue #28 · w3c/webcrypto · GitHub and also here: 25972 – Please require a secure origin

1 Like

I am using Firefox. But as you say this will affect all browsers.
I have got this to work with keycloak but that was hosted locally rather than third party like auth0.
So localhost only then.
Many thanks.

I’m happy to help! Good luck with your implementation.

1 Like