Auth0Lock 11 still show "unable to configure verification page" after setting the Custom Domain

Hi guys,

I’ve faced an issue and trying to research around 2 days but didn’t find any solution.
For the context, I have a tenant and already setting the custom domain to “auth.mydomain.com.au”, after that, I’ve setup the Auth0Lock as below:

var lock = new Auth0Lock('i0**public api key','auth.mydomain.com.au',{
container: 'root',
auth: {
    redirectUrl: 'https://redirect.mydomain.com.au/auth/auth0_authorize',
    responseMode: 'form_post',
    responseType: 'token id_token',
    params: {
        scope: 'openid profile email',
        state: '213'
    }
},
allowSignUp: false,
theme: {
    logo: 'https://theme.mydomain.com.au/images/product.png'
},
languageDictionary: {
    title: "",
    passwordInputPlaceholder: "Password",
    usernameOrEmailInputPlaceholder: "Username/Email"
},
overrides: {
    __tenant: "auth.mydomain.com.au",/*I've tried with tenantname.au.auth0.com but still no luck*/
    __token_issuer: "auth.mydomain.com.au"
},
});
lock.show();

And when I logged in to the system with “Block all cookies” mode (on Chrome) or “Prevent cross-site tracking” mode (on Mac). The error “Unable to configure verification page” still appeared.
Below is the log from Auth0

{
  "date": "2020-09-29T04:44:17.380Z",
  "type": "fcoa",
  "description": "Unable to configure verification page.",
  "connection": "CustomConnection",
  "connection_id": "con_1I***",
  "client_id": "i0A***",
  "client_name": "My app",
  "ip": "115.73.219.110",
  "user_agent": "Chrome 85.0.4183 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "i0A****",
      "response_type": "token id_token",
      "response_mode": "form_post",
      "redirect_uri": "https://redirect.mydomain.com.au/auth/auth0_authorize",
      "state": "b954c6e66571eb919daa11bcf2537b56",
      "connection": "Li***",
      "nonce": "HaqiY0fb_cr7sVzrLVDAZtPR2Q6OSJMR",
      "scope": "openid profile email",
      "realm": "CustomConnection",
      "login_ticket": "KZGQCylcUCwIjDWzxub6KFGm3xS9fx_B",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS45LjAiLCJsaWJfdmVyc2lvbiI6eyJyYXciOiI5LjcuMyJ9fQ=="
    },
    "connection": "CustomConnection",
    "error": {
      "message": "Unable to configure verification page.",
      "oauthError": "server_error",
      "type": "oauth-authorization"
    },
    "session_id": "fSw1s5Yg4cjeAzvVyGo2Z1P8WXVzFRP9"
  },
  "hostname": "auth.mydomain.com.au",
  "audience": "https://tenantname.au.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "auth0_client": {
    "name": "lock.js",
    "version": "11.9.0",
    "lib_version": {
      "raw": "9.7.3"
    }
  },
  "log_id": "90020200929044421702000756068522539844203635993724584018",
  "_id": "90020200929044421702000756068522539844203635993724584018",
  "isMobile": false
}

But if I remove the cookie block, the system working well and I can log in successfully.

Do you guys have any advice in this case?

Hello @hien.ngo - welcome to the Auth0 Community!

You might have to set up a cross-origin verification page. A Custom Domain can probably help with third-party cookies, but it will not help with no cookies - we still rely on them quire heavily.

You can find instructions on how to set it up here: https://auth0.com/docs/login/embedded-login/cross-origin-authentication#create-a-cross-origin-verification-page

1 Like

Thanks Josean.
Base on the Auth0 document, I’m thinking that all cookies will stay in the Auth0, so the system will work with disable all cookies. All good with your explanation.