"You are using a callback URL with a wildcard error" after updating from auth0 react v1 to v2

Hey guys, so I updated my auth0-react from v1.12 to v2.2.0 and followed the migration guide.
After updating when I’m redirect to the CLU I get the following error, but with the previous version everything worked fine.

Screenshot from 2023-08-09 13-24-051462×939 57.7 KB

This is my code before updating:

provider code

<Auth0Provider
      domain={process.env.NEXT_PUBLIC_AUTH0_DOMAIN }
      clientId={process.env.NEXT_PUBLIC_AUTH0_CLIENT_ID}
      redirectUri={typeof window !== 'undefined' ? window.location.origin : undefined}
      onRedirectCallback={onRedirectCallback}
      audience='https://app.estudojo.com.br'
      cacheLocation='localstorage'
    >

login redirect

  await auth.loginWithRedirect({
        appState: {
          returnTo: window.location.pathname
        }
      })

This is my code after updating:

provider code

         domain={process.env.NEXT_PUBLIC_AUTH0_DOMAIN }
      clientId={process.env.NEXT_PUBLIC_AUTH0_CLIENT_ID}
      authorizationParams={{
        audience: 'https://app.estudojo.com.br',
        redirect_url: 'https://teste.estudojo.com.br:3001'
      }}
      onRedirectCallback={onRedirectCallback}
      cacheLocation='localstorage'
      useRefreshTokens={true}
    >

login redirect

   await auth.loginWithRedirect({
        appState: {
          returnTo: window.location.pathname
        }
      })

Those are my allowed callbacks URLs:>

https://*.estudojo.com.br, https://*.estudojo.com.br:3001, https://teste.estudojo.com.br:3001

When comparing both functional and broke CLU url, I found out that the v1 scope is “openid profile email” and v2 is “openid profile email offline_access”

Hi @gabriel.cunha,

Welcome to the Auth0 Community!

If you remove the wildcards from the callback URL, does that resolve the error?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.