Why does Auth0 use /login/callback instead of my configured callback URL in the redirect to Azure AD?
I am implementing Okta - Auth0 with Azure Active Directory (Azure AD) as the identity provider (IdP) in my Django project. Here's a breakdown of my setup:
Django OAuth Configuration:
- Callback URL in Django: https://mydomain/api/auth/callback/.
- My Django app redirects users to the Auth0 /authorize endpoint with the correct redirect_uri.
Auth0 Application Settings:
- Allowed Login URLs: https://mydomain/api/auth/login/.
- Allowed Callback URLs: https://mydomain/api/auth/callback/.
- Allowed Logout URLs: https://mydomain/api/auth/logout/.
Azure AD Application Settings:
- Redirect URI: https://mydomain/api/auth/callback/.
Problem:
When I delete the default callback (https://dev-xxxxx.ca.auth0.com/login/callback) from Azure AD, the login process fails with the following error from Azure AD:
AADSTS50011: The redirect URI 'https://xxxxxxca.auth0.com/login/callback' specified in the request does not match the redirect URIs configured for the application.
However, I have not included the Okta default /login/callback in my Auth0 configuration. I only use /api/auth/callback/. The flow seems to depend on this default callback URL, even though I expect Auth0 to use my configured callback (/api/auth/callback/) throughout the login flow.
Questions:
- Why does Auth0 internally use https://dev-xxxxxx.ca.auth0.com/login/callback instead of the configured callback URL (/api/auth/callback/) when redirecting to Azure AD?
- How can I eliminate the dependency on the default callback (/login/callback) and ensure the entire flow uses my custom callback (/api/auth/callback/)?
Steps I’ve Tried:
Ensured https://mydomain/api/auth/callback/ is the only callback URL configured in:
- Auth0's Allowed Callback URLs.
- Azure AD's Redirect URI.
Confirmed that the request to the /authorize endpoint includes the correct redirect_uri parameter pointing to /api/auth/callback/.
Temporarily added https://dev-xxxxxxx.ca.auth0.com/login/callback back to Azure AD to make the flow work, but I want to remove this dependency.
AADSTS50011: The redirect URI 'https://xxxxxxca.auth0.com/login/callback' specified in the request does not match the redirect URIs configured for the application.
I got the same error when I configured https://mydomain/api/auth/callback in both the Azure App Registration and the Auth0 Callback URL.
Auth0 uses /login/callback as the redirect URI in its request to Azure AD, even if you've configured /api/auth/callback, due to how it manages its internal authentication flow.
To avoid the error, I added the two redirect URIs below to the Azure App Registration.
https://mydomain/api/auth/callback
https://mydomain/login/callback
Auth0 gets the response at /login/callback and then redirects to your callback URL /api/auth/callback to complete authentication.
I only configured https://mydomain/api/auth/callback in the Allowed Callback URLs in Auth0.
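The two redirect legs described above, modelled as an added example that is not part of the original question or answer: each authorization server checks the redirect_uri of the request it receives against its own registered list. The client IDs, TENANT_ID, the Azure AD v2.0 endpoint path and the simplified exact-match check are assumptions; the hosts and callback paths are the placeholders from the question.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values based on the placeholders used in the question.
APP_CALLBACK = "https://mydomain/api/auth/callback/"
AUTH0_TENANT_CALLBACK = "https://dev-xxxxx.ca.auth0.com/login/callback"


def authorize_url(endpoint, client_id, redirect_uri):
    """Build an OAuth 2.0 authorization request URL for one leg of the flow."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
    })
    return f"{endpoint}?{query}"


def redirect_uri_registered(request_url, registered):
    """Simplified exact-match check an authorization server applies."""
    values = parse_qs(urlsplit(request_url).query).get("redirect_uri", [])
    # Reject a missing or duplicated parameter instead of guessing.
    return len(values) == 1 and values[0] in registered


def check_flow(auth0_allowed_callbacks, azure_redirect_uris):
    """Return, per leg, whether the receiving server accepts redirect_uri."""
    # Leg 1: Django app -> Auth0. The app is the client, Auth0 validates.
    leg1 = authorize_url("https://dev-xxxxx.ca.auth0.com/authorize",
                         "DJANGO_APP_CLIENT_ID", APP_CALLBACK)
    # Leg 2: Auth0 -> Azure AD. Auth0 is the client, Azure AD validates.
    # (Endpoint path and IDs are assumed placeholders.)
    leg2 = authorize_url(
        "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize",
        "AZURE_APP_CLIENT_ID", AUTH0_TENANT_CALLBACK)
    return {
        "app_to_auth0": redirect_uri_registered(leg1, auth0_allowed_callbacks),
        "auth0_to_azure": redirect_uri_registered(leg2, azure_redirect_uris),
    }


if __name__ == "__main__":
    # Setup from the question: Azure AD only lists the Django callback.
    print(check_flow({APP_CALLBACK}, {APP_CALLBACK}))
    # Azure AD lists the Auth0 tenant callback named in the error message.
    print(check_flow({APP_CALLBACK}, {AUTH0_TENANT_CALLBACK}))
```

The first call reproduces the situation behind AADSTS50011: the app-to-Auth0 leg passes while the Auth0-to-Azure leg is rejected.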