Getting an "Unauthorized" after Redirect Rule on Firefox

I’m trying to pinpoint exactly the scenario but so far, this error only occurs on Firefox (I’m testing on v 68.0.1).

We have a redirect rule to move the user to a /signed-up address if it is a sign up. We do this for tracking purposes, to count successful conversion. We had to do that due to Social Logins, that don’t have an easy distinction on signup vs. login, hence we redirect based on logins count.

However, when using Firefox to signup, email + password, sometimes after the redirection, when the application redirects to the Auth0 /continue with something like:

window.location.replace(`https://${AUTH0_CLIENT_DOMAIN}/continue?state=${ state }`);

We get a 401 Unauthorized page…
Should we do something different?

foriio-staging.auth0.com_Archive [19-07-19 18-04-50].har (4.3 KB)

Did a quick check on server logs, and for the state captured in that HAR our server received two requests simultaneously, so the first being processed invalidated the state and caused a 401 for the other request. Now the problem is why there are two requests that, per the headers, are both originating from a Firefox user-agent; you may want to see if Firefox configured to use Fiddler as a proxy results in the two requests being shown.

Hum… let me try testing that.

This weekend we started to have a similar problem on Chrome, but for every signup. I’m suspicious that it might have gotten stricter or improved how the JavaScript flow works.

We figured out that it was missing a return in our code to redirect the user to the /continue, hence the component was being mounted twice, and thus doing the request twice, invalidating each other.

So the fix was to add a return to the location replace:

return window.location.replace(`https://${AUTH0_CLIENT_DOMAIN}/continue?state=${ state }`);

Thanks for the update: glad the situation got sorted.

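The failure mode found in this thread, as an added example that is not code from the original posts or from Auth0: a single-use state answers the second of two /continue requests with 401, and a per-state guard keeps a twice-mounted component from sending that second request. `SingleUseStateStore`, `createContinueOnce`, `simulateDoubleMount`, the `tenant.example` domain, the state value and the 302 success status are all assumptions made for the model.

```javascript
// Constructed model, not Auth0's implementation: each state resumes once.
class SingleUseStateStore {
  constructor() {
    this.pending = new Set();
  }
  issue(state) {
    this.pending.add(state);
  }
  // Status a /continue-style endpoint answers with in this model (assumed 302 on success).
  resume(state) {
    return this.pending.delete(state) ? 302 : 401; // consumed or unknown -> 401
  }
}

// Hypothetical client helper: navigates to /continue at most once per state,
// even if the calling component is mounted (and therefore run) twice.
function createContinueOnce(domain, navigate) {
  const resumed = new Set();
  return function continueOnce(state) {
    if (resumed.has(state)) return false;
    resumed.add(state);
    navigate(`https://${domain}/continue?state=${encodeURIComponent(state)}`);
    return true;
  };
}

// Runs the double-mount scenario and returns the statuses the server produced.
function simulateDoubleMount(useGuard) {
  const domain = "tenant.example"; // constructed tenant domain
  const state = "constructed-state-123"; // constructed state value
  const store = new SingleUseStateStore();
  store.issue(state);
  const statuses = [];
  // Stand-in for window.location.replace: records what the server would answer.
  const navigate = (url) => {
    statuses.push(store.resume(new URL(url).searchParams.get("state")));
  };
  const resume = useGuard
    ? createContinueOnce(domain, navigate)
    : (s) => navigate(`https://${domain}/continue?state=${encodeURIComponent(s)}`);
  resume(state); // first mount
  resume(state); // second mount of the same component
  return statuses;
}

console.log(simulateDoubleMount(false), simulateDoubleMount(true));
```

In a browser, the `navigate` argument would be `(url) => window.location.replace(url)`, with the guard created once at module scope so it survives a remount.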