Error Switching firewalls - InternalOAuthError: Failed to obtain access token

Hello, my company has recently moved offices, and in the process switched firewalls.

The app we’ve been using was fine before, but some settings must be different on the new firewall. I was just wondering if anyone had encountered this error before, and what they did to fix it.

Stack Overflow has answers that talk about proxies, but we do not have any proxies so that isn’t our problem.

Full stack trace from node:

InternalOAuthError: Failed to obtain access token
    at Strategy.OAuth2Strategy._createOAuthError (/home/*/project/node_modules/passport-oauth2/lib/strategy.js:379:17)
    at /home/*/project/node_modules/passport-oauth2/lib/strategy.js:166:45
    at /home/*/project/node_modules/oauth/lib/oauth2.js:191:18
    at ClientRequest.<anonymous> (/home/*/project/node_modules/oauth/lib/oauth2.js:162:5)
    at emitOne (events.js:96:13)
    at ClientRequest.emit (events.js:188:7)
    at TLSSocket.socketErrorListener (_http_client.js:308:9)
    at emitOne (events.js:96:13)
    at TLSSocket.emit (events.js:188:7)
    at connectErrorNT (net.js:1016:8)

The steps for me to get this error:

  1. Auth0 Lock screen pops up
  2. User types in their information
  3. Auth0 registers that the user has logged in (in the logs)
  4. Callback hits and generates the error

Thank you for any information!

I have exactly the same problem, did you ever get this resolved?

Yes, I did. If I remember correctly, there were some IPs that needed access outbound.

I found this on Production Checks: Best Practices
Take a look at “Whitelist Auth0 Public IPs”

When you create a new rule / hook, there will be a little popup saying something like:
Heads up! If you are trying to access a service behind a firewall, make sure to open the right ports and allow inbound connections from these IP addresses: 35.167.74.121,35.166.202.113,35.160.3.103

So just add those IPs to your firewall rules and you should be OK!

This was solved. If I remember correctly, there were some IPs that needed access outbound.

Hmmm … I don’t have any rules or hooks or anything custom. There shouldn’t be any reason for Auth0 to initiate an inbound call to me (for which I would need to whitelist them). The authenticate call is an outbound call which should exit the firewall without any problems.

Besides rules and hooks, the WordPress Auth0 plugin may also require a call from Auth0 to the WordPress installation when doing automatic configuration; but that is optional. You may want to post your own question detailing your exact scenario and any other information you think may be relevant to troubleshoot.