I’ve been experiencing an issue using the auth0-js library to perform a cross-origin login from a login form hosted in my application. This works successfully nearly all of the time.
For some users, often in an Incognito browser, Auth0 redirects them to the Universal Sign-On page hosted by Auth0 instead of redirecting directly back to my application. When the user signs on again, the authentication flow works as expected. This happens both with a manual email/password login and with a social sign-on.
The difference in redirects / network calls appears to occur when making the GET request to [custom-domain]/authorize. When the login flow works correctly, the 302 response Location directs the user back to the redirectUri provided to the auth0-js webAuth client login method.
When the user is incorrectly redirected to the Universal Login Page, the authorize endpoint returns a 302 response with Location of /authorize/resume with a state query parameter. After login the user is correctly redirected to the redirectUri I passed to the auth0-js webAuth client.
Additionally, when the user experiences two login pages, the error “Unable to configure verification page.” appears in the URL as a query parameter.
How can I debug why users are sometimes redirected differently? How can I find out the error appears in the URL? Since the redirect of issue occurs from a Auth0 endpoint I’m having trouble finding the cause.
I can create HAR archives with failing and successful requests but I do not see where they can be attached.