Why does Auth0 use /login/callback instead of my configured callback URL in the redirect to Azure AD?

I am implementing Okta - Auth0 with Azure Active Directory (Azure AD) as the identity provider (IdP) in my Django project. Here's a breakdown of my setup:

  1. Django OAuth Configuration:

    • Callback URL in Django: https://mydomain/api/auth/callback/.
    • My Django app redirects users to the Auth0 /authorize endpoint with the correct redirect_uri.
  2. Auth0 Application Settings:

    • Allowed Login URLs: https://mydomain/api/auth/login/.
    • Allowed Callback URLs: https://mydomain/api/auth/callback/.
    • Allowed Logout URLs: https://mydomain/api/auth/logout/.
  3. Azure AD Application Settings:

    • Redirect URI: https://mydomain/api/auth/callback/.

Problem:

When I delete the default callback (https://dev-xxxxx.ca.auth0.com/login/callback) from Azure AD, the login process fails with the following error from Azure AD:

AADSTS50011: The redirect URI 'https://xxxxxxca.auth0.com/login/callback' specified in the request does not match the redirect URIs configured for the application.

However, I have not included the Okta default /login/callback in my Auth0 configuration. I only use /api/auth/callback/. The flow seems to depend on this default callback URL, even though I expect Auth0 to use my configured callback (/api/auth/callback/) throughout the login flow.

Questions:

  1. Why does Auth0 internally use https://dev-xxxxxx.ca.auth0.com/login/callback instead of the configured callback URL (/api/auth/callback/) when redirecting to Azure AD?
  2. How can I eliminate the dependency on the default callback (/login/callback) and ensure the entire flow uses my custom callback (/api/auth/callback/)?

Steps I’ve Tried:

  1. Ensured https://mydomain/api/auth/callback/ is the only callback URL configured in:

    • Auth0's Allowed Callback URLs.
    • Azure AD's Redirect URI.
  2. Confirmed that the request to the /authorize endpoint includes the correct redirect_uri parameter pointing to /api/auth/callback/.

  3. Temporarily added https://dev-xxxxxxx.ca.auth0.com/login/callback back to Azure AD to make the flow work, but I want to remove this dependency.

AADSTS50011: The redirect URI 'https://xxxxxxca.auth0.com/login/callback' specified in the request does not match the redirect URIs configured for the application.

I got the same error when I configured https://mydomain/api/auth/callback in both the Azure App Registration and the Auth0 Callback URL.

Auth0 uses /login/callback as the redirect URI in its request to Azure AD, even if you've configured /api/auth/callback, due to how it manages its internal authentication flow.

To avoid the error, I added the below two redirect URIs to the Azure App Registration.

https://mydomain/api/auth/callback
https://mydomain/login/callback

Auth0 gets the response at /login/callback and then redirects to your callback URL /api/auth/callback to complete authentication.


I only configured https://mydomain/api/auth/callback in the Allowed Callback URLs in Auth0.

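The two-hop flow described in the answer, as an added example that is not part of the original post and not Auth0's or Azure AD's code: a toy model in which each authorization server exact-matches redirect_uri for its own client. The client IDs, the `azure-ad.example` host and the `AuthServer` class are hypothetical; the other hostnames are the placeholders used in the question.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders from the question; constructed values, not real hosts.
APP_CALLBACK = "https://mydomain/api/auth/callback/"
AUTH0_TENANT = "https://dev-xxxxx.ca.auth0.com"
AUTH0_IDP_CALLBACK = AUTH0_TENANT + "/login/callback"


class AuthServer:
    """Toy authorization server: exact-match redirect_uri check per client."""

    def __init__(self, name, registered):
        self.name = name
        self.registered = registered  # client_id -> set of allowed redirect URIs

    def authorize(self, url):
        query = parse_qs(urlparse(url).query)
        client_id, redirect_uri = query["client_id"][0], query["redirect_uri"][0]
        if redirect_uri not in self.registered.get(client_id, set()):
            raise ValueError(f"{self.name}: redirect_uri mismatch: {redirect_uri}")
        return redirect_uri  # where this server sends the browser back


def authorize_url(base, client_id, redirect_uri):
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code"}
    return base + "?" + urlencode(params)


def federated_login(azure_redirect_uris):
    """Return the redirect target of each hop: [from Azure AD, from Auth0]."""
    # Hypothetical client IDs: the Django app is Auth0's client,
    # and the Auth0 connection is Azure AD's client.
    auth0 = AuthServer("Auth0", {"django-app": {APP_CALLBACK}})
    azure = AuthServer("Azure AD", {"auth0-connection": set(azure_redirect_uris)})
    # Hop 1: Django -> Auth0, asking to return to the application's callback.
    hop1 = authorize_url(AUTH0_TENANT + "/authorize", "django-app", APP_CALLBACK)
    final_target = auth0.authorize(hop1)
    # Hop 2: Auth0 -> Azure AD. Auth0 is the OAuth client on this hop, so the
    # redirect_uri it sends is its own callback, not the application's.
    hop2 = authorize_url("https://azure-ad.example/authorize",
                         "auth0-connection", AUTH0_IDP_CALLBACK)
    idp_target = azure.authorize(hop2)
    return [idp_target, final_target]


if __name__ == "__main__":
    print(federated_login({AUTH0_IDP_CALLBACK}))
```

Registering only the application callback on the Azure AD side makes the second hop fail in this model, which corresponds to the AADSTS50011 error quoted in the question.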
