Login redirect URIs redirecting to Local Host

Hi, recently placed by Web App into production and for some reason the Login and Logout URl’s are all pointing to localhost, instead of the domain name. I don’t know why or what I am doing wrong

These are the General settings, which I think I have done correctly. When running the node app locally, it works perfectly.

However when I uploaded the app onto a web server and ran it on nginx with a reverse proxy to port 3000. things started going wrong. I don’t know if this effected it?

Now when I try to login, the callback goes to ’ http://localhost:3000/authorization-code/callback? ’


Any help would be appreciated!

Hi @Rocki,

The default redirect URI for the ExpressOIDC module is {appBaseUrl}/authorization-code/callback
In your case, when you’re running locally, it’s http://localhost:3000/authorization-code/callback which looks correct.
But when you deploy it to production server, it’s redirected to https://yourDomain.com/authorization-code/callback, provided that you’ve updated your appBaseUrl to https://yourDomain.com

Looking at your code (assuming it’s your production code), I see that appBaseUrl isn’t set correctly. It should be set to the domain of your server.
And in the Okta Admin Application settings, replace https://{domain}/authorization-code/callback with the right value for your domain (something like https://yourDomain.com/authorization-code/callback)

You can see more configuration for ExpressOIDC middleware here

Hope this helps.

Hi @vijet,

Thanks for the quick reply!

My appBaseUrl i think is set correctly, and so are the Otka Admin Settings, it’s just I replaced the URL with {domain} for the purposes of uploading it onto here. But its been set to this, which is the domain,


Funnily enough, when the appBaseUrl is set to the production servers domain. The production server uses the localhost call back. So after logging using the sign in page this happens:


But when running this locally, with the very same settings and code this happens:


Its a very strange interaction that’s happening.

Both the domain and localhost are listed as trusted origins as well, so im really confused as to why this is happening.

These are my Otka Settings, without hiding the domain:

Sorry for the confusion before!

Try to provide redirect_uri explicitly in your OIDC config

const oidc = new ExpressOIDC({
redirect_uri: 'http://{your server and host}/authorization-code/callback',

Hi @phi1ipp

Thanks for your reply!

I added that in and tried that:

But I still get the same result unfortunately


Well, well, well… I didn’t expect that from Okta :slight_smile:

So change your parameter name to loginRedirectUri please, it should help.

Still got the same result unfortunately :confused: .Should I try configure a callback inside the routes parameter?

Iv been stuck on this for a week now and I really have no idea what I’m doing wrong

At this point I’d ask, are you sure that you are hitting your application?! This is all really strange. Is there a chance that your reverse proxy can do rewrite/reroute by any chance? Can you try to test directly hitting your application?

@phi1ipp Fixed it! It was my server config. Just for future reference for anyone that might have the same problem.

Changed the settings to this instead:

proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;