Get an error Unknown or invalid login ticket

I have an SPA and I use auth0 lock widget for login.

Time by time some users are getting the error when trying to authorize.

error: access_dinied,
error_description: Unknown or invalid login ticket.

But in this time if I try login from another computer with the same credentials I haven’t got this error.

Tell me who met this problem and how to solve it?

1 Like

Are you using Lock or Auth0.js? Which version? Could you share a snippet from your authentication request?

I am using Lock latest version. options for widget

{
 redirect: false,
          auth: {
         redirect: false,
         sso: false,
         redirectUrl: window.location.origin,
         responseType: 'token id_token',
         params: {
           scope: 'openid',
         },
 }
 }

Does this occur in all browsers or just one? When you login from a computer that works, are you using the same browser version?

Also, does this occur only after you have been previously signed in and try to log back in after being signed out?

This issue appears a suddenly on different version of browsers but most often on Mozilla and safari and one time was on Chrome

1 Like

Same here, only on Safari

We experienced the same issue here:

2 Likes

I got the same issue and struggling to figure out the reason. I notice after clearing the cache , the user manages to login but it definitely not a way to solve this case.

I am getting the same issue. I had put verification page in place but still unable to login. Error says “Unknown or Invalid login ticket”. Let me know if somebody fixed it.

We’re having the same problem. We saw it for the first time in Firefox after upgrading from Auth0.js 9.1.3 to 9.3.2.

The only way to login successfully was to clean the cookies.

For the ‘invalid login ticket’ error some have been experiencing, there was a fix deployed recently and should now be resolved. Please do not hesitate to respond if you notice any unexpected behaviour.

@kimcodes I am still experiencing this bug.

1 Like

Are you using Lock or Auth0.js? Is this happening with one user or all users, and/or occurring in a particular browser? Could you share a snippet from your authentication request?

Lock. I’m creating new users, so all different. It happens 100% of the time in Chrome (v66.0.3359.117), but seems to work fine in Firefox (v59.0.2)

Not sure what you’re looking for in the authentication request (also not sure which fields are sensitive, so I may have replaced innocuous ones:

client_id: // i confirmed this matches
response_type: token id_token
redirect_uri: http://…/auth/callback
audience: // i confirmed this matches
connection: Username-Password-Authentication
nonce: // looks like some kind of hash
state: // looks like some kind of hash
scope: openid profile email
realm: Username-Password-Authentication
login_ticket: // looks like some kind of hash
auth0Client: // base64

We’re strangely getting the same error starting yesterday. Never had any problems before then.

error: “access_denied”
errorDescription: “Unknown or invalid login ticket.”
state: “Lj0XSfFlUZnB6i5cnZoaHbmIT-ACLvOV”

We have the same issue in safari on iOS. Clearing local storage and cookies does not help. Login works after reloading page ignoring cache. We use Auth0.js.

We finally figured out all of the reasoning.

  1. Safari by default does not accept cookies anymore (other browsers probably following suit soon)
  2. So we enabled custom domains (Auth0 → Tenant Settings → Custom Domains)
  3. Added the CNAME to our registrar
  4. Then we changed our login URL to this new domain (ex: login.mydomain.com)
  5. No need for cross origin cookies or cross origin verification anymore and all browsers and users can sign in
1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.