RBAC Not Working

I’m working on an Auth0 + Netlify integration. I’m able to generate the appropriate token that Netlify should be expecting to use for protecting routes based on a role. I’ve got the following redirect configuration set up, but I can navigate directly to the /admin/admin route without Netlify stopping me.

/admin/*  200!    Role=admin

Site Name - https://netlify-auth0-integration.netlify.app/
Build is fine

1 Like

Hi James,

No redirects are deployed on that site. You can see our build system telling you this here:

I’d guess that your _redirects file did not end up next to index.html - I only see these files in that deploy (I should see _redirects too - we keep a copy with the deploy but do NOT allow browser access to _headers, _redirects, and netlify.toml):

/netlify.toml
/404.html
/index.html
/admin/admin.html

1 Like

Thanks for the response!
My _redirects file is in the root of my repo (see image below) where my netlify.toml file is. My index.html page is inside of a /public directory. So you’re saying that my _redirects file should be in the public directory?

Welp, the redirects file does need to go into the publish directory. Works now!! :slight_smile: Thanks @fool

Also it feels weird to type “Thanks fool” hahaha

2 Likes
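
A pre-deploy check for the failure in this thread, as an added example that is not part of any post above and is not Netlify's own tooling: it fails the build when `_redirects` is missing from the publish directory or contains no `Role=` rule. The function name, the return codes, and the unforced-rule check (based on Netlify's documented behaviour that a rewrite without `!` does not shadow an existing file) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that role-gated Netlify redirects will actually deploy.
# Usage: sh check_redirects.sh <publish_dir>     (e.g. "public")
# Return codes (chosen for this example):
#   0 ok, 1 _redirects missing from publish dir,
#   2 no Role= rule present, 3 a Role= rewrite is not forced with "!".
check_role_redirects() {
    publish_dir=$1
    file="$publish_dir/_redirects"

    # A _redirects file in the repo root is not picked up; it must sit
    # next to index.html in the directory that gets published.
    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found; role rules will not be deployed" >&2
        return 1
    fi

    # One rule per line: <from> [<to>] [<status>[!]] [conditions...]
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            role = ""; status = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Role=/)               role = $i
                if ($i ~ /^[0-9][0-9][0-9]!?$/)  status = $i
            }
            if (role == "") next         # not a role-gated rule
            gated++
            printf "role-gated: %s (%s, status %s)\n", $1, role, status
            # Assumption: a 200 rewrite without "!" will not override a
            # file that exists at the same path, so the page stays public.
            if (status == "200") {
                unforced++
                printf "WARN: line %d is not forced with \"!\"\n", NR
            }
        }
        END {
            if (gated == 0) exit 2
            if (unforced > 0) exit 3
        }
    ' "$file"
}

# Run the check when a publish directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_role_redirects "$1"
fi
```
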

Great! Glad it's working :smiley:

1 Like

Glad to hear you got things working! To explain that oddness you mention, we do copy netlify.toml from the root of the repo to save a copy for our staff’s debugging.

Re: calling me fool, please do whatever is comfortable for you :slight_smile: I’ve always been named “Christopher Michael” which is pretty much the worst for namespace collision: when your name is Chris, there’s always another Chris in the room. In this case I tried to avoid collision by being an early hire at Netlify, but when one of the co-founders is named Chris, even employee 9 needs a different email address and nickname…

1 Like