Auth0 integration fails: "Wrong extern UID provided. Make sure Auth0 is configured correctly."

Hello! I have recently set up GitLab CE on an Ubuntu 18.04 server with Digital Ocean according to this guide, except I have it running behind an nginx reverse proxy.

I was able to set a password for the root account and log in, and everything I tested / care about works. However, I hit an issue with omniauth: I would like to let users authenticate with Auth0.

I followed these guides down to the letter:

Expected Behavior

When I visit https://MY_SITE/users/sign_in and select “Sign in with Auth0,” I should be authenticated and redirected beyond the login page.

Actual Behavior

I am redirected back to the sign-in page with a red warning at the top of the page: Wrong extern UID provided. Make sure Auth0 is configured correctly.

Configuration Details

GitLab settings

Here are the omniauth settings I have explicitly set in /etc/gitlab/gitlab.rb:

gitlab_rails['omniauth_allow_single_sign_on'] = ['auth0', 'saml']
gitlab_rails['omniauth_providers'] = [
    "name" => "auth0",
    "args" => { client_id: 'I_SWEAR_I_PASTED_THIS_CORRECTLY',
                client_secret: 'I_SWEAR_I_PASTED_THIS_CORRECTLY_TOO',
                domain: '',
                scope: 'openid profile email'
    }
]

Auth0 settings

I created an application (M2M, though “Regular Web App” produced identical results) for an API; that API already has some existing applications registered. Another application I’m running is able to authenticate just fine.

I put the correct values in Allowed Callback URLs and Allowed Origins (CORS).

Under “Advanced” I have “OIDC-Conformant” enabled.


I’m inexperienced with GitLab, and my Auth0 experience consists of writing an application that successfully authenticates against the Database Connection associated with my Auth0 account.

I’m obviously missing something important and would greatly appreciate any gentle nudging in the right direction. Thank you!