Auth0 Home Blog Docs

Bookmarked Login Page, cant login

lock
auth0
login
hosted-login-page

#1

Hi there

We have the strange behavior if someone Bookmarks the Hosted Loginpage URL and use it again the other day, he get a generic “Oops something is wrong” error message. It would be great if it would be possible to reload the Login Page or generate a new, not outdated state.

Is this possible, is there anything we can do about this?
Would this problem even exist if we used a custom domain?

I found others with this problem but there seems no real solution.

Thanks in advance for your time and sorry for my bad english.

best regards
Marco


#3

:wave: @goodman I believe at this time when users are bookmarking the /login page that will happen and that behavior is expected. The issue occurs when you are making a call to /authorize URL but the state parameter is missing. The state parameter is used to mitigate CSRF attack and so during authentication, the application sends this parameter in the authorization request, and the Authorization Server (Auth0) will return this parameter unchanged in the response. It is recommended not to bookmark the login page. (more info if anyone is curious can be found here: https://auth0.com/docs/protocols/oauth2/oauth-state ) but I know we can’t be total control of user’s bookmarking this.

Our engineering team is aware of the challenges this causes. Improvements to this are being developed, however we can’t quite provide any ETA or commitments at this time.

In cases where this error is thrown, we could try configuring a custom error page in our application from tenant settings, then handle the error by initiating a new login by calling the /authorize endpoint.

We can send out a notification once we have progress on the changes to support bookmarking the hosted page, but as mentioned earlier I don’t really have any ETA.


#4

Hi! Sorry to hear that you’re experiencing this issue. Most commonly it can be resolved by using something like an incognito window, or by clearing your browser’s cache.

Please let me know if the issue persists after trying this. Cheers!


#5