Auth0 Home Blog Docs

Cannot login through email and password Auth0Lock



I am using Auth0Lockto integrate social network with application. The social network is integrated successfully but login without social network is not working.
Following is response I am getting from the server:
error "invalid_grant"
I found that this response is got from the custom database login script. How can I use database on auth0 for login purpose in Auth0Lock.

Following is the code

var lock = new Auth0Lock(AUTH_CONFIG.clientId, AUTH_CONFIG.domain, {
   oidcConformant: true,
    autoclose: true,
  auth: {
  redirectUrl: AUTH_CONFIG.callbackUrl,
  responseType: 'code',
  audience: 'https://' + AUTH_CONFIG.domain + '/userinfo',
  params: {
    scope: 'openid'
   lock.on('authenticated', function(authResult) {
   if (authResult && authResult.accessToken && authResult.idToken) {
  lock.on('authorization_error', function(err) {
    alert('Error: ' + err.error + '. Check the console for further details.');

When I hard code the id in custom login script I successful login to the application.
callback(null, { id : ‘auth0|5*****dcdd9’,
email: ‘’,
nickname: ‘Mubeen Ahmed’ });


You mention that if you hardcode a user profile response in the custom database login script then the authentication works as you expect. This suggests that the client application side of it (Lock) is fine and has no bearing in the underlying root cause. Another possible test to ensure that Lock configuration is fine for username and password credentials would be to temporarily configure the client application to use a regular database connection instead of your custom database connections.

If the above also works as expected then the source of the issue is proved to be the custom database script. In this situation, given there’s custom code involved it’s hard to provide a definitive answer it’s not possible to fully replicate the exact condition.

The recommendation would be for you to instrument the custom database scripts with console.log statements and then use the Real-time Webtask Logs extension to review the output during the authentication requests.