Continuous redirect to authentication in Firefox

Hi,

I have set up a SPA with auth0. I can successfully access it using Edge, Chrome (Win & Linux & Android), but whenever I try to access the page using Firefox (all: Linux, Windows, Android), I get to the authentication page, enter the credentials, get redirected to the SPA, see the ‘Error: invalid token. Check the console for further details.’ alert for a moment, and then get redirected to the authentication page again. And no, there is nothing on the console, even if I set it to persist.

is there anything special known about Firefox that I should be aware of?

Regards
sthones

could you add more details on how do you call auth0?
What is the redirect Uri? Are you using window.location?

@fredguth , thanks for looking into this.

could you add more details on how do you call auth0?

I’ve been mainly following the instructions from the tutorial.

// Authentication / auth0
window.addEventListener('load', () => {
  const webAuth = new auth0.WebAuth({
    domain:       'sthones.eu.auth0.com',
    clientID:     '<id>',
    redirectUri:  window.location.href,
    audience:     '<api audience>',
    responseType: 'token id_token',
    scope:        'openid'
  });

  const isAuthenticated = function() {
    // Check whether the current time is past the
    // access token's expiry time
    const expiresAt = JSON.parse(localStorage.getItem('expires_at'));

    return new Date().getTime() < expiresAt;
  };
    
  const setSession = function(authResult) {
    // Set the time that the access token will expire at
    const expiresAt = JSON.stringify(authResult.expiresIn * 1000 + new Date().getTime());

    localStorage.setItem('access_token', authResult.accessToken);
    localStorage.setItem('id_token', authResult.idToken);
    localStorage.setItem('expires_at', expiresAt);
  };

  const handleAuthentication = function() {
    webAuth.parseHash((err, authResult) => {
      if(authResult && authResult.accessToken && authResult.idToken) {
        window.location.hash = '';
        setSession(authResult);
      } else if(err) {
        console.log(err);
        alert('Error: ' + err.error + '. Check the console for further details.');
      }
    });
  };

  handleAuthentication();

  if(!isAuthenticated()) {
    webAuth.authorize();
  }
});

What is the redirect Uri?
Are you using window.location?

redirectUri:  window.location.href,

I’m confused about the fact that the console.log() statement is not printed to the console, and the alert() popup is immediately disappearing, when the page is redirecting to the authentication. due to this, I don’t know how I would add troubleshooting data…

@fredguth , anyone else? any idea on how to continue?

I am having the same (or very similar) issue using the WordPress plugin, and using ADFS for authentication. All browsers seem to behave just fine with the exception of Firefox which gets stuck and will not authenticate users. Users are returned the login screen (rather than being redirected into the site as they should be). And on the login screen the login widget is no longer visible. If you try to go into the site manually at this point (typing a url) you are redirected to the login screen.

Have there been any updates on this issue? @sthones, are you using MFA or just redirecting straight to your SPA?

I’m using SPA only. and no, I haven’t progress on this. for the moment it’s simply no Firefox supported.