Execute an Authorization Code Grant Flow with PKCE
Redirect Users After Login
To make your login process as easy-to-use and seamless as possible, you'll need to keep track of where you want to route users inside your application once Auth0 redirects users back to your application after authentication. There are two types of URLs:
Callback URLs: During a user's authentication, the
redirect_urirequest parameter is used as a callback URL. This is where your application will receive and process the response from Auth0, and is often the URL that users will be redirected to once the authentication is complete.
Because callback URLs can be manipulated by unauthorized parties, Auth0 recognizes only whitelisted URLs set in the Allowed Callback URLs field of an Application's Settings as valid.
However, the callback URL is not necessarily the same URL to which you want users redirected after authentication.
Non-callback URLs: To redirect authenticated users to a URL that is not the callback URL, you can store the desired URL using the following methods:
- For regular web apps, use a cookie or session
- For a single-page app, use local storage in the browser
- For a native app, use memory or local storage