Call to authorize endpoint throwing 400

henalbrod / Blazor.Auth0

The library for using Auth0 in Blazor applications.

https://github.com/henalbrod/Blazor.Auth0

MIT License

110 stars 29 forks source link

Call to authorize endpoint throwing 400 #16

Closed indcoder closed 5 years ago

indcoder commented 5 years ago

Hi,

The call to authorize endpoint is failing with an HTTP code 400

Request URL: https://[domain]/authorize?response_type=code&code_challenge_method=S256&code_challenge=[code challenge]&state=[state]&nonce=[nonce]&client_id=[clientid]&scope=openid%20profile%20email&redirect_uri=https://localhost:5001/&response_mode=web_message&prompt=none

But if I lop off the last two parameters from the URL, it works &response_mode=web_message&prompt=none

henalbrod commented 5 years ago

Hi!

An error 400 is indicating that at least one parameter is wrong, please verify if the provided Auth0 domain and Client Id are correct.

Also, verify the following setting values doesn't contains URLs finished with "/"

Allowed Callback URLs
Allowed Web Origins
Allowed Logout URLs
Allowed Origins (CORS)

For your example, the value in those should look like this http://localhost:5001 (without an "/" at the end).

A value like this http://localhost:5001/ (with an "/" at the end). will result in an Error 400.

indcoder commented 5 years ago

Oh yes those are correct...hence the call to Authorize works when I remove those two parameters only....the other parts of the URL call incl. Domain , client id, state, nonce etc are not changed.

Sent from mobile

On Tue, 30 Jul, 2019, 4:49 AM Henry Alberto Rodriguez Rodriguez, < notifications@github.com> wrote:

Hi!

An error 400 is indicating that at least one parameter is wrong, please verify if the provided Auth0 domain and Client Id are correct.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Pegazux/Blazor.Auth0/issues/16?email_source=notifications&email_token=AAQAQZDF4F4EJ3XE2UP7MPDQB53HBA5CNFSM4IHWZNWKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3CI5OQ#issuecomment-516198074, or mute the thread https://github.com/notifications/unsubscribe-auth/AAQAQZHJGT7NKX65RP7KJZDQB53HBANCNFSM4IHWZNWA .

henalbrod commented 5 years ago

Hi,

I updated my comment, would you please revalidate with the extra info?

indcoder commented 5 years ago

I'm not setting the Redirect URL in the code ....I'm not sure where Blazor.Auth0 is picking up that value.
I tried to make that Authorize call without the trailing slash in the redirect URI but it still failed. Only when I remove the web_message and prompt query, it then works.....even with the trailing slash in the redirect URI

henalbrod commented 5 years ago

The settings I mention in my comment are located in the Auth0's Client settings page not in the code.

In your Auth0 account please visit the Applications menu then select the desired application. # Capture1 #

Then inside the application settings verify the settings I mentioned comments before: # Capture2

indcoder commented 5 years ago

Well this was always my redirect URI ....it did not have the trailing slash

I have not configured anything for "Allowed web origin" and "Allowed Logout urls" They are empty/

henalbrod commented 5 years ago

Please include your URLs into those settings also

indcoder commented 5 years ago

Thanks....Its working now . Closing the issue