Redirect URI Mismatch Error in Auth0

Overview

When attempting to authenticate with an Auth0 application, the following error may appear:

 

{URL} is not in the list of allowed callback URLs.

 

This error occurs when the redirect_uri value sent in the /authorize request does not exactly match a URL configured in the application’s Allowed Callback URLs.

Applies To

  • Auth0 Universal Login
  • Callback URLs
  • Auth0 Applications

Cause

Auth0 performs exact string matching on callback URLs for security purposes. The error can occur if there are differences between the configured URL and the redirect_uri value, including:

  • http vs https.
  • Different ports.
  • Trailing slashes.
  • Incorrect subdomains or paths.
  • Environment mismatches (development vs production).

Example:

Does not match: 

Solution

How is the redirect URI mismatch error resolved?

Resolve the redirect URI mismatch error by navigating to the application settings in the Auth0 Dashboard and adding the exact callback URL to the allowed list as detailed in either the video demonstration or the written instructions.


 

  1. Go to the Auth0 Dashboard.
  2. Go to Applications > Applications.
  3. Select the affected application.
  4. Scroll to Application URIs in the Settings tab.
  5. Add the exact value of the redirect_uri parameter to the Allowed Callback URLs field.
  6. Select Save.

 

NOTE: Ensure the configured callback URL exactly matches the value sent in the authentication request.
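
To identify which of the differences listed under Cause applies before editing the allowed list, the following added example (not Auth0 code and not part of the original article) compares a redirect_uri against a list of configured entries by exact string match and reports what differs. The function name explain_mismatch and all URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def explain_mismatch(redirect_uri, allowed):
    """Return [] on an exact string match; otherwise a list of
    (allowed_entry, [differences]), closest entry first."""
    if redirect_uri in allowed:          # exact comparison, as the article describes
        return []
    sent = urlsplit(redirect_uri)
    report = []
    for entry in allowed:
        conf = urlsplit(entry)
        diffs = []
        if sent.scheme != conf.scheme:
            diffs.append(f"scheme: sent {sent.scheme}, configured {conf.scheme}")
        if sent.hostname != conf.hostname:
            diffs.append(f"host: sent {sent.hostname}, configured {conf.hostname}")
        if sent.port != conf.port:       # None means no explicit port in the URL
            diffs.append(f"port: sent {sent.port}, configured {conf.port}")
        if sent.path != conf.path:
            if sent.path.rstrip("/") == conf.path.rstrip("/"):
                diffs.append("trailing slash: present on one side only")
            else:
                diffs.append(f"path: sent {sent.path}, configured {conf.path}")
        if not diffs:
            diffs.append("other: query, fragment, letter case or whitespace differs")
        report.append((entry, diffs))
    return sorted(report, key=lambda item: len(item[1]))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    allowed = ["https://app.example.com/callback", "http://localhost:3000/callback"]
    for uri in ("https://app.example.com/callback/", "http://localhost:8080/callback"):
        closest, diffs = explain_mismatch(uri, allowed)[0]
        print(f"{uri}\n  closest allowed entry: {closest}\n  differs in: {'; '.join(diffs)}")
```

An explicit default port such as :443 is reported as a port difference, because the two strings are not identical even though the URLs are equivalent.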
