Try button for any SSO Connection has trouble with Redirect URI

Problem Statement

When using the Try button to test an SSO connection, the login flow fails with an error message regarding an issue with the redirect URI (e.g. “Invalid OAuth2 redirect_uri”).

Cause

The Try button uses a tenant’s canonical domain ({tenant_name}.auth0.com) and the tenant’s built-in client ID (called “All Applications”), which is used for certain tests and fallbacks and should not be used for any other purposes. The request passes the relevant connection parameter to skip straight to the connection’s configured IdP’s login page.

If the IdP is configured to use the tenant’s Custom Domain for the callback, there will be a mismatch error.

Solution

If a tenant has been configured with a custom domain, and SSO connections are also configured to user that custom domain for the callback, here are the steps to still test the connection:

  1. Copy the Try button link by right-clicking the button and selecting Copy Link Address:

  2. Paste the URL in the browser and replace the domain with the custom domain: