Error: No verifier returned from client

Hi there,

we are trying to use auth0.js for login. With Chrome it’s not a problem, but Firefox or Chrome incognito mode yields No verifier returned from client.

Here is our simple test setup:

index.html:

<html>
  <head>
    <script src="https://cdn.auth0.com/js/auth0/9.19.0/auth0.min.js"></script>
  </head>
  <body>
    <script>
      const auth = new auth0.WebAuth({
        domain: domain,
        clientID: clientId,
        redirectUri: `http://localhost:4200/callback`,
        audience: audience,
        scope: 'openid email profile',
        responseType: 'token id_token'
      });

      const state = JSON.stringify({
        redirectUrl: '/'
      });
      const nonce = "random";

      auth.login({
          realm: 'Username-Password-Authentication',
          username: username,
          password: password,
          redirectUri: `http://localhost:4200/callback`,
          state: state,
          nonce: nonce
        },
        err => {
          console.log(err);
        });
    </script>
  </body>
</html>

callback.html:

<html>
  <head>
    <script src="https://cdn.auth0.com/js/auth0/9.19.0/auth0.min.js"></script>
  </head>
  <body>
    <script>
      const auth = new auth0.WebAuth({
        domain: domain,
        clientID: clientId,
        redirectUri: `http://localhost:4200/callback`,
        audience: audience,
        scope: 'openid email profile',
        responseType: 'token id_token'
      });

      const state = JSON.stringify({
        redirectUrl: '/'
      });
      const nonce = "random";

      auth.parseHash({
        hash: window.location.hash,
        nonce: nonce,
        state: localStorage.getItem('state')
      }, (err, authResult) => {
        console.log(err);
        console.log(authResult);
      });
    </script>
  </body>
</html>

auth.parseHash returns the error:

{
    "error": "invalid_request",
    "errorDescription": "No verifier returned from client.",
    "state": "{\"redirectUrl\":\"/\"}"
}

We’ve set up a Cross-Origin Verification Fallback like this:

<!DOCTYPE html>
<html>

<head>
  <script src="https://cdn.auth0.com/js/auth0/9.0.0/auth0.min.js"></script>
  <script type="text/javascript">
    var auth0Client = new auth0.WebAuth({
      domain: domain,
      redirectUri: redirectUri,
      clientID: clientId,
      responseType: 'token'
    });
    auth0Client.crossOriginVerification();
  </script>
</head>

<body></body>

</html>

Anything we’re doing wrong? It not only happens on localhost, also on staging environment.