ERR_SSL_PROTOCOL_ERROR from auth0 wrong redirect, NO SET PRIMARY DOMAIN option

Hi all, I am looking for some help.

I use Auth0 for my login in a Next.js app. I have my custom domain with Vercel, the vercel.app address and localhost set up as callbacks:

customdomain/api/auth/callback,
vercel.app domain/api/auth/callback.
http://localhost:3000/api/auth/callback

I have a problem with some clients that have strong SSL firewalls. As they try to log in, they get an error: ERR_SSL_PROTOCOL_ERROR for the vercel.app domain.

Vercel seems to redirect to the vercel.app domain callback (which should not even be redirected to, as they are accessing from the customdomain).

I tried a few things.
I deleted the vercel.app domain from the project domains and took out the callback. I get an error from Auth0 that there is a callback mismatch; it still looks for the vercel.app domain. This seems to be a Vercel issue, as localhost still works fine. It looks like when logging in with the customdomain it redirects to the vercel.app domain and then back to the customdomain, even if it doesn’t exist anymore. Is there a way to make the domain the primary address of some sort? AI told me to flag the Set Primary Domain option in the project’s domains settings, but I don’t see it. I checked DNS and SSL as AI suggested; everything works in DNS and is A+.

Thank you for your help!

I also noticed that when I get the callback mismatch, there is this param inside the URL:

code&redirect_uri=https%3A%2F%2F vercel.app domain %2Fapi%2Fauth%2F

which does not make sense, as that domain supposedly does not exist anymore.

Hi, @whitaiji! Welcome to the Vercel Community :smile:

Could you take a look at this guide?


Hey, it really depends on how you have set up the domain and what is causing the redirection. If you have set the URL in the Auth0 admin, you probably need to figure out how to make it dynamic. If you are using any static URL in code, you need to use an environment variable like VERCEL_URL so that it changes with every build.


Hi, thank you for the reply. Yes, I had read that before, as I found it in another post. I was wondering, though, if it could also be triggered by the fact that there is a redirection to another domain (the vercel.app), since it happened another time when the redirection was from a secondary domain.

Thank you for this. Is there any way to make the domain primary? The AI suggested there should be an option so that all the traffic goes to it rather than the vercel.app domain, but I do not have the flag in my project settings domain page.

Yes, that sounds right. The thing is, with Next.js and the Auth0 SDK, the API call is already dynamic. The API call is made to ./api/auth/[...auth0] (<a href='/api/auth/login'>), and the dynamic page uses a function of the Auth0 SDK, handleAuth(), that takes no param. So the call is made dynamically from the domain already, but for some reason it gets redirected to the vercel.app domain callback right away, before getting to the Auth0 login page, and if the vercel.app domain doesn’t exist, it gives a 404 page or, if the callback is taken away, a callback missing error. Any idea why? I have posted the same on their community as well; as I am guessing you may have a few integrations, maybe it could be useful.

I’m not entirely sure this will resolve your particular issue, but it sounds similar to this community post: Nextjs + auth0 work at localhost, but return 404 while depoly to vercel - #3 by onlinepenguin - Auth0 Community

You can leverage VERCEL_ENV to detect the production build and set it to VERCEL_PROJECT_PRODUCTION_URL (see System environment variables).

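The suggestions in this thread (pick the base URL from VERCEL_ENV, VERCEL_PROJECT_PRODUCTION_URL and VERCEL_URL, then compare it with the redirect_uri seen in the mismatch URL) can be sketched as below. This is an added example, not code from any poster, Vercel or Auth0; the helper names resolveBaseUrl and checkRedirectUri and all hostnames are made up for illustration.

```javascript
// Added example: derive the app's base URL from Vercel system environment
// variables and check which origin a redirect_uri actually points at.
const CALLBACK_PATH = '/api/auth/callback';

function resolveBaseUrl(env) {
  // Production: use the project's production domain, never a deployment URL.
  if (env.VERCEL_ENV === 'production') {
    if (!env.VERCEL_PROJECT_PRODUCTION_URL) {
      throw new Error('VERCEL_PROJECT_PRODUCTION_URL is not set');
    }
    return `https://${env.VERCEL_PROJECT_PRODUCTION_URL}`;
  }
  // Preview: VERCEL_URL holds the per-deployment host, without a scheme.
  if (env.VERCEL_ENV === 'preview' && env.VERCEL_URL) {
    return `https://${env.VERCEL_URL}`;
  }
  // Local development, matching the localhost callback listed in the thread.
  return 'http://localhost:3000';
}

function checkRedirectUri(authorizeUrl, baseUrl) {
  // searchParams.get() percent-decodes the value (%3A%2F%2F -> ://).
  const raw = new URL(authorizeUrl).searchParams.get('redirect_uri');
  if (!raw) return { ok: false, reason: 'redirect_uri missing' };
  const actual = new URL(raw);
  const expected = new URL(CALLBACK_PATH, baseUrl);
  if (actual.origin !== expected.origin) {
    return { ok: false, reason: `origin ${actual.origin} != ${expected.origin}` };
  }
  if (actual.pathname !== expected.pathname) {
    return { ok: false, reason: `path ${actual.pathname} != ${expected.pathname}` };
  }
  return { ok: true, reason: 'match' };
}

// Constructed sample values; none of these hosts come from the thread.
const prodEnv = {
  VERCEL_ENV: 'production',
  VERCEL_PROJECT_PRODUCTION_URL: 'app.example.com',
  VERCEL_URL: 'example-abc123.vercel.app',
};
const sampleAuthorizeUrl =
  'https://tenant.example/authorize?response_type=code' +
  '&redirect_uri=https%3A%2F%2Fexample.vercel.app%2Fapi%2Fauth%2Fcallback';

console.log(resolveBaseUrl(prodEnv));
console.log(checkRedirectUri(sampleAuthorizeUrl, resolveBaseUrl(prodEnv)));
```

A mismatch reported here means the app built its redirect_uri from a different host than the one registered as a callback, which is the condition Auth0 rejects.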
