For example to include some state after the user is redirected back after login
When using the StytchLoginComponent (stytch/next-js), if I add any additional query parameters I get this error:
"error_message": "The redirect url in the request provided query parameters that did not match any redirect URLs set on the Stytch dashboard for this project. Please visit https://stytch.com/dashboard/redirect-urls to make any necessary updates. For more information on why this validation is necessary please visit https://stytch.com/docs/api/url-validation",
Ah, I see it now in the docs
The error is gone now, but the query parameters I passed in are not sent back to my authenticate endpoint
Hey Alan – thanks for posting!
Would you mind sharing the redirect URL value that you’re passing into the login component (with any sensitive values redacted), as well as the value that you allowlisted in the Stytch Dashboard? We’d definitely expect the parameters to be passed back to your application during the redirect!
Thanks for the response. Now that it’s not late at night, I can see there was an error on my side and the parameter wasn’t being passed in!
Awesome, glad to hear that! Late nights get us all! Let us know if there’s anything else we can help out with.
Hey Alan – which URL are you on in the browser when you receive that 403? Is the 403 in response to a request to Stytch or a request to Google?
If you substitute your
loginChallenge value for something short (like
12345, just for testing purposes) do you still receive the 403?
Yes, if it’s shorter it does work (I am removing the signupRedirectUrl parameters)
I am removing the signupRedirectUrl parameters
To clarify, does removing the
signupRedirectUrl param prevent the 403, or shortening the
loginChallenge param prevents the 403 error (and you’re also removing the
For context, sometimes requests with extremely long query parameters can run into 403 errors, usually because something within the parameter values looks suspicious, and the request is blocked at the server level.
Do you have an example full URL you’d be able to provide, or any context on the syntax of
loginChallenge? If you’re able to either shorten the
loginChallenge parameter or perhaps change the way it’s generated that would likely do the trick!
I removed signupRedirectUrl (set it to null). I didn’t shorten anything, I left loginRedirectUrl as is.
Got it - are you able to send over an example URL that’s hitting a 403, with the offending
signupRedirectUrl parameter in particular?
In general, this parameter shouldn’t be causing 403 errors, and we haven’t been able to reproduce this with the
signupRedirectUrl included in the earlier URL provided (