Hi all,
I'm currently implementing an OIDC (OpenID Connect) login flow for a mobile application built in OutSystems. Everything works perfectly in my Personal Environment — after the authentication step, the callback screen receives both the authorization code and the state as expected.
However, when I move the same mobile app to our Enterprise Environment, the callback redirect screen opens, but the code and state parameters are empty or missing.
What Happens:
In Personal Environment:
Callback screen receives code and state correctly.
Flow continues and user is redirected to the Home screen.
In Enterprise Environment:
User is redirected to the callback screen.
But code and state are empty.
Because of this, the app cannot proceed, and the flow is stuck on the callback screen — user is not navigated to the Home screen.
What I've Done:
Using OutSystems mobile app .
Redirect URI is something like: myapp://callback.
The redirect URI is registered correctly in the identity provider (Auth0).
Things I’ve Checked:
Identity provider configuration — identical for both environments.
OIDC endpoints — correct for the tenant.
Questions:
Has anyone else experienced this discrepancy between Personal and Enterprise environments?
Any known issues with InAppBrowser or OutSystems handling of deep links in Enterprise environments?