Error: Bad Request when trying to authenticate user

Please include the following information in your post:

  • Which SDK this is regarding: @auth0/auth0-react
  • SDK Version: 1.8.0
  • Platform Version: React 17.02

I have tried to authenticate by following the docs but receive the following log message in the dashboard:

  "date": "2021-09-24T11:28:56.182Z",
  "type": "f",
  "description": "Error: Bad Request",
  "connection": "underwriteme-identity-store",
  "connection_id": "con_tiS7CX33pSRdeNLd",
  "client_id": "S9Ln0isi3k5ns2q5f4uMr0fzr7Lmf0rA",
  "client_name": "TM RP test",
  "ip": "",
  "user_agent": "Chrome 93.0.4577 / Mac OS X 10.15.7",
  "details": {
    "body": {},
    "qs": {
      "state": "J4VniPPIxb1-qyE5vCL9P8ZQV5JikVqR"
    "connection": "underwriteme-identity-store",
    "error": {
      "message": "Error: Bad Request",
      "oauthError": "access_denied",
      "type": "oauth-authorization"
    "session_id": "Rs9_CghSVY5Y508bOCrvYuw3VpUNqTLC"
  "hostname": "",
  "user_id": "auth0|75c8db24-a148-4fcb-8f51-a2359507dd67",
  "user_name": "",
  "strategy": "auth0",
  "strategy_type": "database",
  "audience": "",
  "scope": [
  "log_id": "90020210924112859087419423927832609099079344584025702498",
  "_id": "90020210924112859087419423927832609099079344584025702498",
  "isMobile": false

I have set up the provider in accordance with the docs like so:

      scope="openid profile email offline_access"
      maxAge={60 * 60 * 24}

I can see the login dialog pop up, I enter my credentials and i successfully get redirected to http://localhost:3000/policy-management. But he url also contains the error as params:


However, when I use the useAuth0 hook user is undefined and isAuthenticated is false.

I have checked my Dashboard settings and it is correctly set to Single Page Application and None for Token Endpoint Authentication Method.

Could someone help point out what I may have misconfigured?

Hi @ryan.pays
Even though authentication is successful, your application is getting the following authorization response:

error_description=Error: Bad Request

The access_denied error code is a very strong indicator that the authorization was denied in a rule. This can be either on purpose:

function(user, context, callback) {
   if (someCondition) {
     return callback(new UnauthorizedError("You can't log in");
  callback(null, user, context);

or it can also be an error in rules that is either uncaught or bubbled up. E.g. calling an external API and returning the error directly if an error is detected:

function(user, context, callback) {
  request(options, function(err) {
    if (err) {
      return callback(err);
    callback(null, user, context);

If the external API request returns an Error: Bad Request (or any other error), the application would get that error directly as you are directly returning it as the authorization outcome.

Check your rules, it’s very likely that one of them is causing this error. :+1:

1 Like


It was to do with one of our Connections. The application was not registered with the connected database hence the error.

Have got it working by using an older app credentials that is connected already.

1 Like

Wooohoo! Glad you have figured it out and thanks for sharing with the rest of community!