I am having issues with the Auth0 callback. The problem is that after authentication, the redirect coming back to the browser (Chrome in this case) contains a # fragment and the browser is not sending this hash fragment to the redirected URL. See below.
Here is the callback.
Request URL:https://tapaas.auth0.com/login/callback?state=B0DYX2akGxLvkddRxPQ3JbYo0cIeRRRR&code=4/3rfgi3VLyS1bcO1Ni8GNNNdPeCrihaITVFeeSV_yYc
Request Method:GET
Status Code:302 Found
Remote Address:188.8.131.52:443
The browser then issues a request for
https://localhost:5001/callback without the #fragment containing all the useful information.
Request URL:https://localhost:5001/callback
Request Method:GET
Status Code:302 Moved Temporarily
Remote Address:[::1]:5001
Any ideas how to get the JWT token to come back on the callback?
The reason for this is that my use case is a little different to any of the boilerplate cases that are documented by Auth0. We have a web app but we don’t want the web app (client or server code) to have any knowledge of Auth0. We have an openresty nginx reverse proxy sitting in the way. It checks requests and redirects to the standard Auth0 authentication.
The Auth0 authentication callback passes the JWT token which is picked up by nginx and set as a cookie for the user session. Further requests will validate the JWT token from the cookie, unpack the user identity and authorisation roles and place those as headers to the server application to which the request is then proxied.
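
An added example, not part of the original post and not the poster's OpenResty configuration: a model, in JavaScript so that it runs stand-alone, of the per-request check described above (validate the JWT from the cookie, then pass identity and roles upstream as headers). The cookie name `session_jwt`, the `x-auth-*` header names, the `roles` claim and the use of an HS256 shared secret are all assumptions.

```javascript
const crypto = require('crypto');
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper: mints a sample HS256 token for the demo input.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Returns the verified claims, or null on any failure.
function verifyHS256(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url'));
    claims = JSON.parse(Buffer.from(body, 'base64url'));
  } catch { return null; }
  // Pin the algorithm on the proxy; never let the token choose it.
  if (!header || header.alg !== 'HS256' || !claims) return null;
  const want = hmac(`${head}.${body}`, secret);
  const got = Buffer.from(sig, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// Builds the header set to proxy upstream, or null if the caller must re-authenticate.
function upstreamHeaders(inbound, secret, nowSec) {
  const out = {};
  for (const [k, v] of Object.entries(inbound)) {
    // Drop client-supplied identity headers so the application only ever sees the proxy's.
    if (!/^x-auth-/i.test(k)) out[k.toLowerCase()] = v;
  }
  const m = /(?:^|;\s*)session_jwt=([^;]+)/.exec(out.cookie || '');
  const claims = m && verifyHS256(m[1], secret, nowSec);
  if (!claims) return null;
  out['x-auth-user'] = String(claims.sub);
  out['x-auth-roles'] = (Array.isArray(claims.roles) ? claims.roles : []).join(',');
  return out;
}
```

The application behind the proxy can trust these headers only if it is reachable solely through the proxy.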