Auth0 Home Blog Docs

Authorization problem. (Error: "unauthorized", errorDescription: "Access denied.")



Good afternoon,

I’m trying to implement Auth0 with my Vue2 project and following your “Quick start” example from “Clients” section i’ve downloaded the sample project as per instructions. When trying to login I can see your hosted version of the login screen, after entering my Gmail details I’m getting redirected back to the app but authorisation is not happening.

Error: “unauthorized”, errorDescription: "Access denied."
Uncaught TypeError: Cannot read property ‘check’ of undefined

![alt text][1]

I’ve tried to log in with other Gmail account but getting the same issue.

Any help is much appreciated.
Many Thanks


Hi, I had a similar situation recently.

What’s not clear from your post is the protocol you are using - SAML2-P or OpenID Connect?

I’ve recently had a similar issue with SAML2-P, I was using OWIN and the KentorIT.AuthServices component and it turned out that there as a mismatch between the signing level. I found this out from debugging the code but it turned out that it was all logged. So you really need to see if there is some of form logging in the version you are using to see what it could be.

Sorry my answer is vague but there is a lot of information missing.

Kind regards,


Hi James,

Thanks so much for the quick answer. I am using OpenID.

My error is logged in Auth0, please find json response bellow.

Let me know if you have any other questions.

  "date": "2017-06-05T12:55:52.610Z",
  "type": "f",
  "description": "Access denied.",
  "connection": "google-oauth2",
  "connection_id": "con_7LIhcreigW2mmj1t",
  "client_id": "xxxxxxxxxxxxxxxxxxxx",
  "client_name": "xxxxxxxxxxxxxxxxxxxx",
  "ip": "",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
  "details": {
    "body": {},
    "qs": {
      "state": "BwQfJaECJMpdw09EZrHRcQpgkTokj~b4",
      "code": "4/rGCTvDaTish11qXXY8k9SbOKtI7L7DRP9aXs8MqvXqc",
      "scope": "openid",
      "response_type": "token id_token",
      "connection": "google-oauth2",
      "connection_scope": "",
      "sso": "true",
      "_csrf": "QSA4b2fL-ZjGBDysOGrO4Cq7w8q48sKnkUMk",
      "audience": "",
      "nonce": "ht3q2bKb8YGFL2R.VLLt4b22.1bY0hMt",
      "protocol": "oauth2",
      "client_id": "xxxxxxxxxxxxxxxxxxxx",
      "redirect_uri": "http://localhost:8080/callback",
      "mfa_requested": false
    "connection": "google-oauth2",
    "error": {
      "message": "Access denied.",
      "oauthError": "unauthorized",
      "type": "oauth-authorization"
    "stats": {
      "loginsCount": 18
  "user_id": "google-oauth2|xxxxxxxxxxxxxxxxx",
  "user_name": "xxxxxxx@xxxxx.xx",
  "strategy": "google-oauth2",
  "strategy_type": "social",
  "log_id": "49560429270835143462033274365276196638692703163954233346"

Any help is much appreciated,

Thanks in advance.


Hi Auth0 team,

Please could you revisit your VueJS project example from “Clients” > “Test” > “Quick Start”? Example has all variables in place and it’s supposed to work out of the box. Unfortunately that’s not the case. Please see log above.

Many Thanks


I am having this exact same issue with the downloaded project. I get Access denied trying to sign up with 3 different email addresses, Twitter, and Facebook. I even deleted the client and started with a new one.
To be clear, I’m downloading the Quick Start project (the one with my client ID, etc, already loaded,) running npm install then npm start & attempting to do a ‘Sign Up’ from the client / hosted login page.


@eugene.svidko I disabled Brute Force Protection under Anomaly Detection & that seems to have cleared up my problem.
It was driving me crazy, because I started working on auth0 at the airport & could log in there, but haven’t been able to get it to work from my workplace until just now.


Im struggling with the exact same thing. Tried everything. I’ve cloned the react starter repo, replaced the auth details with the ones in the dashboard, and it keeps denying access. I thought it might be google, but its doing the same thing with Twitter login as well. Can someone please help