I got a new phone and need to set up the new authenticator app, but I’m unable to remove the current 2FA from it (THe TOTP one time code setting).
I click remove, it asks “Are you sure you want to remove the authenticator?”, I click yes, then it asks me to login to confirm my identity. I put in my username and password, but it always says “There was an error processing the login”. I even tried resetting my password to make sure I had the correct one, but the error is the same. Really not keen on carrying around my old phone forever just to retain Auth0 access.
Hey there @bradmac! Is there any additional errors or logs on the management or device side of things that we can go off of? I would love to help you get this solved, I just need a little bit more information. Thanks in advance!
Because this is for my Auth0 management account (https://manage.auth0.com/#/profile), and not my account within our tenant, I don’t believe I have access to any relevant Auth0 logs. I did grab some messages from Chrome’s inspector if that helps:
Hi James.
What more information can we provide? I don’t se any logs in my account relevant to this error. (Probably because it’s failing on CORS before sending any requests).
Please see my post above.
Simon
@bradmac I see from your log that you are using a older version of the Auth0 lock, can we get you to update to version 11 when you get a moment? From there we will see if the issue still occurs and proceed to the next step.
@sbf I checked the ticket you referenced above and it too appeared to be using an older version of lock. When you get a chance can you upgrade as well?
@James.Morrison Same issue here. Not able to remove the TOTP in order to set my new authenticator client. As stated by @bradmac this is happening on the dashboard for managing auth0 itself, not within our tenant.
Do you have any timelines on when this issue could be resolved?
Hey there everyone @bradmac, @sbf, @dgua, @daniel.b, @dtraviglia, @nbessa! When you get a chance can you attempt the flow in question in a new browser session? For example, can you open a new Chrome Incognito window and attempt to add the device there? If this works then this may be related to browser cookies and my recommendation would be for you to clear any cookies associated with the auth0.com domain in the window where the flow fails. Please let me know if this helps!
Thanks for the quitck reply. I attempted the same on multiple browsers and OS. Chrome, Firefox on Ubuntu, Android and Mac Os. (Incognito and clearing all data)
If you need some more data, please let me know. But I believe the screenshot of @sbf is enough to describe the CORS issue. (Trying to load data from auth0.auth0.com from the page manage.auth0.com is not allowed.)
@James.Morrison were you able to reproduce? Have you made any changes to the code? Otherwise I’ve tested with three browsers exhibiting the same erroneous behavior also in incognito mode.
I had to loose my device and now I’m forced to login using emergency codes until this issue has been fixed.
When you get a moment can each of you DM me with the following information so we can move forward on:
Let me know whether the you want to reset the MFA enrollment (i.e. change device) or remove it altogether.
Let me know the email address of the affected user and any other instruction that the user might have provided (i.e. “Just for my Google social login”).
Associated Tenant
From there I will work with our team to remove MFA and let you know as each case is resolved. Thank you in advance.
