callback missmatch error in angular with auth0

Question

Hi I'm using Auth0 with Nodejs and angularjs

here is what i want to achieve
1. I want to user to signup using auth0's lock
2. as soon as user logs in a callback should be called at my nodejs server
3. after that i will get the user information and user's JWT
4. then i will redirect user to dashboard page and store the JWT in browser

What's the problem with Auth0's example
1. they provide example either for angular or nodejs standalone not the combined
2. there is combined(client server) example but that's using jade with nodejs

my code snipped

Angular snipped

    var options = { auth: {
          redirectUrl: 'http://localhost:3000/callback'
        , responseType: 'code'
        , params: {
          scope: 'openid name email picture'
        }
  }
}

    lockProvider.init({
      clientID: 'cUlBNhhaIblahBlahRp6Km',
      domain: 'rishabh.auth0.com',
     option:options
    });

node snipped

router.get('/callback',
  passport.authenticate('auth0', { failureRedirect: '/url-if-something-fails' }),
  function(req, res) {
    console.log(req.user);
    res.json({id_token:req.user});
  });

Note: I've added this callbacks in auth0 http://localhost:3000/callback but dont know why I'm facing this error for callback error when I've mentioned my redirect URL in angular side

can anyone tell me what is the problem with my code why auth0 not redirecting me to this url http://localhost:3000/callback

and the interesting thing is when i use simple lock.js instead of angular like this

<script>
var options = { auth: {
          redirectUrl: 'http://localhost:3000/callback'
        , responseType: 'code'
        , params: {
          scope: 'openid name email picture'
        }
  }
}

var lock = new Auth0Lock('clientID', 'rishabh.auth0.com',options);
lock.show();
</script>

then in this case my nodejs /callback route is called properly, so what I'm doing wrong with angular ?

please help

Update this is my project structure

full code https://github.com/LabN36/error

Config.js

    var Auth0Strategy = require('passport-auth0');
var passport = require('passport');


var strategy = new Auth0Strategy({
    domain:       process.env.AUTH0_DOMAIN || 'rishabh.auth0.com',
    clientID:     process.env.AUTH0_CLIENT_ID || 'cUheWwRxm7OLdHBRzlBNvfvfvfvfvhhaI1lxRp6Km',
    clientSecret: process.env.AUTH0_CLIENT_SECRET || 'e37eIZpjgBnDMBtrYMwvffvfvfvfaU4jSqt8qylZMT9Oj1EiffLGViinWQ5AiuWi1-WBwA8v3',
    callbackURL:  process.env.AUTH0_CALLBACK_URL || 'http://localhost:3000/callback'
  }, function(accessToken, refreshToken, extraParams, profile, done) {
    // accessToken is the token to call Auth0 API (not needed in the most cases)
    // extraParams.id_token has the JSON Web Token
    // profile has all the information from the user
     console.log(extraParams.id_token);
     //save user detail with token here and return token only profile
    return done(null, extraParams.id_token);
  });

passport.use(strategy);

// you can use this section to keep a smaller payload
passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

module.exports = passport;

AngularApp.js

    angular.module('workApp',['auth0.lock'])

.config(function($locationProvider,lockProvider){

var options = { auth: {
          // redirect:true,
         responseType: 'code',
          redirectUrl: 'http://localhost:3000/callback',
         params: {
          scope: 'openid name email picture'
        }
  }
}

    lockProvider.init({clientID: 'cUheWwRxm7OLdHBRzlBNhhaI1lxRp6Km',domain: 'rishabh.auth0.com',
    option:options
});
$locationProvider.html5Mode(true);
})
.controller('homeCtrl',function($scope,$http,$location,$window,lock){

  $scope.login = function() {
    // window.alert("magic")
    console.log("Messed Up really")
    var vm = this;
  vm.lock = lock; 
  lock.show();
  }

}).run(function(lock){
    lock.interceptHash();

  lock.on('authenticated', function(authResult) {
    localStorage.setItem('id_token', authResult.idToken);

    lock.getProfile(authResult.idToken, function(error, profile) {
      if (error) {
        console.log(error);
      }
      localStorage.setItem('profile', JSON.stringify(profile));
    });
  });
})

Answer 1

According to the screenshot the error happens because the authentication request is made with a redirect_uri of:

http://localhost:3000/

and the allowed callback URL's are:

http://localhost:3000/ callback
http://35.162.118.253:3000/ callback

Also based on the code you shared you're indeed setting the redirectUrl to be http://localhost:3000/callback so there may be something on the rest of the code that either causes that value to be overridden or not used at all.

If the redirectUrl is not set, Lock will use the current page so the likely culprit is that the options you set are not being used. If you still don't find the cause for this, update the question with the code associated with how Lock is shown.

---

Damn, the actual root cause was already shown in the code you initially provided, but only looking now at the full code made it possible for me to catch it...

You're calling lockProvider.init() with:

{ clientID: [?], domain: [?], option: options }

when it should be called with :

{ clientID: [?], domain: [?], options: options } // options instead of option