Redirect Users

You can return users to specific pages (URLs) within your application after validating their ID Tokens (authentication). To see an example of how this works, try the React: Login Quickstart.

Redirect users to callback URLs on the AllowList

Because callback URLs can be manipulated by unauthorized parties, Auth0 recognizes only URLs on the AllowList set in the Allowed Callback URLs field of an Application's Settings as valid. To return users to callback URLs on the AllowList, it is necessary for your application to know how to continue the user on their journey.

There are two methods for doing this:

  • Using cookies and browser sessions

  • Using state parameters

During a user's authentication, the redirect_uri request parameter is used as a callback URL. This is where your application receives and processes the response from Auth0, and is often the URL to which users are redirected once the authentication is complete. To learn more about how the redirect_uri works, see OAuth 2.0 Authorization Framework.

Redirect users to other URLs

Sometimes, the callback URL is not necessarily where you want users redirected after authentication. For example, if a user intends to access a protected page in your application, and that action triggers the request to authenticate, you can store that URL to redirect the user back to their intended page after the authentication finishes. Store the desired URL using the following methods:

Choose the option that works best for your application type and the type of flow that you are using. Create the necessary logic in your application to retrieve the stored URL and redirect your users where you want them to go. The Auth0 SDKs also include support for redirect URLs.

Learn more