Hi there
One of my clients can’t login to my app. I have tried everything including clearing cache, incognito, deleting and adding his account again but at the point of authorize it keeps telling me that the token is expired.
Im using auth0Angular client in an Angular 1.5+ app. All other users have no issues. It seems something wrong with his machine, because I can’t login from his machine through my own account
Hey there @huzefa.yousuf, welcome to the Auth0 Community!
Are you seeing anything within the Dashboard logs associated with the user? You could also ask the user for a HAR file capture of their login attempt and walk through it there. I would be willing to peek at the HAR file as well to see if I see anything. This may be able to get you closer to the source of the issue. Thanks!
Hi @James.Morrison
Attached is the HAR file after the error was replicated again.
Its something wrong only with that machine that I cant really explain. Somehow looks like the IP or something is blocked by Auth0 for some reason. If I use his machine to login, none of my Auth0 accounts can get past, with all giving me the same error that invalid_token and expired_token as error code and error description
the code looks like this, which i borrowed from the samples and works great for everybody else and not this dude
this.angularAuth0.parseHash((err, authResult) => {
if (authResult && authResult.accessToken && authResult.idToken) {
//do my app login stuff
}
else{
//something went wrong during login .... check the err object
}
First let me say I am sorry for the delay in getting back to you, I have been out of the office.
After inspection of the HAR file I don’t see anything that could be causing it to go awry on our end. What type of device is the user using? Any idea on browser or plugins that could be interfering? If the user logs in on a separate device do they experience the same thing? Thanks in advance!
The user was using Win7 and a version of Chrome. I could not find details from Auth0 of the useragent as it only stores logs for two days. I am not sure about any plugins on his machine though.
The user can use his account from a different machine no problem and also on his machine, nobody can login using my Auth0 authentication. It used to work fine till 2 weeks ago and something has changed since then, which nobody is sure of.
Is it possible if I provide their email address you guys can help check the logs on your end, see if you find anything funny ?
Can we find out if they have any plugins enabled so we can cross reference those to see if they could generate an issue? This is definitely interesting being a single machine instance issue.
Definitely! Can you get a timestamp for us when the user attempts the sign in process? With that I will review the logs on our side to see if anything looks abnormal.
We tried different browsers, Chrome and IE, so even if there were plugins installed on Chrome, it should have worked on IE.
Also just this afternoon, we have one more user complaining about the exact same issue. So its beginning to scare me now, if more users start seeing this issue.
@James.Morrison I will PM you this new user’s email address. This is a username-pwd authentication. I removed his account from my management console, and got him to create that again and he is still facing that same issue.
Can I please request to have some urgency on this, as 2 of our users can’t login to the system at all because of this issue ?
The two users mentioned are in two different physical locations and on different network / machine setup all together, and are not linked to each other in any way
Im checking what Antivirus they have on their machines (if any)
The logs should be recent enough, as they keep trying to login in an attempt to get through
As mentioned I had deleted their accounts and got them to create again, for both of them. They were able to login with their passwords so assuming it was all correct.
The real reason for the failure here is that when making this call to parse hash after auth0 authenticates and sends me back to my app url
this.angularAuth0.parseHash((err, authResult) => {
if (authResult && authResult.accessToken && authResult.idToken) {
//do my app login stuff
}
else{
//something went wrong during login .... check the err object
}
the **err** object returns an error with the following information
{
errorCode: 'invalid_token'
errorDescription: 'Expired token'
}
If they were using wrong passwords they should not have reached this stage, dont you think ?
@dan.woda thanks for assisting, unfortunately I dont have access to that user’s machine to get you a HAR file. However the HAR attached in this threard should be good enough I guess ?