If we type incorrect credentials with loginWithRedirect, Auth0 does a POST that returns 400 Bad Request

Hello,

We use this in our Outlook popup:
    createAuth0Client(state.auth0Options).then(auth0 => {
      auth0.loginWithRedirect({
        redirect_uri: state.auth0Options.dialogRedirectUri
      })
    });

When the user types incorrect credentials, Auth0 does a POST to
https://…eu.auth0.com/u/login?state=…
that returns 400 (Bad Request)

But this error can break behaviour in some specific places or browsers, for example in the popup for Outlook Desktop.

Hi @Antoni,

Welcome to the Community!

What is the error message? You should be able to see the full error in your dashboard logs.

This returns 400 (Bad Request) because the user types an incorrect password; this is your normal behavior because it was posting your form (you can try it). Usually, it’s OK. But, for example, in an Outlook popup you cannot do it this way, because Outlook sees that it was a Bad Request for some POST request.

I think you should return code 200 with details that the credentials are incorrect, because the request is correct but the user's credentials are not.

Thanks for the feedback.

It looks like this is defined in the OIDC spec as follows:

If the End-User denies the request or the End-User authentication fails, the OP (Authorization Server) informs the RP (Client) by using the Error Response parameters defined in Section 4.1.2.1 of OAuth 2.0 [RFC6749]. (HTTP errors unrelated to RFC 6749 are returned to the User Agent using the appropriate HTTP status code.)

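The Error Response parameters that the quoted spec text refers to reach the client as query parameters on its redirect URI. As an added example (not part of the thread and not Auth0's code), a redirect page could classify what it receives like this; the function name, URLs and state values are hypothetical, and the query response mode is assumed.

```javascript
// Added example: classify an authorization response on the redirect URI.
// Error codes from RFC 6749 section 4.1.2.1.
const RFC6749_ERRORS = new Set([
  "invalid_request", "unauthorized_client", "access_denied",
  "unsupported_response_type", "invalid_scope", "server_error",
  "temporarily_unavailable",
]);
// Additional codes from OpenID Connect Core section 3.1.2.6.
const OIDC_ERRORS = new Set([
  "interaction_required", "login_required", "account_selection_required",
  "consent_required", "invalid_request_uri", "invalid_request_object",
  "request_not_supported", "request_uri_not_supported",
  "registration_not_supported",
]);

// Hypothetical helper: expectedState is the value the client stored
// before it started the redirect.
function parseAuthorizationResponse(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;

  // Check state first: a response without our state is not a reply to
  // our request, so neither its code nor its error is trusted.
  if (!expectedState || params.get("state") !== expectedState) {
    return { kind: "rejected", reason: "state_mismatch" };
  }

  const error = params.get("error");
  if (error !== null) {
    const known = RFC6749_ERRORS.has(error) || OIDC_ERRORS.has(error);
    return {
      kind: "error",
      error: known ? error : "unrecognized_error",
      // Server-supplied free text: bound its length and render it as
      // plain text only, never as HTML.
      description: (params.get("error_description") || "").slice(0, 200),
    };
  }

  const code = params.get("code");
  if (!code) return { kind: "rejected", reason: "missing_code" };
  return { kind: "code", code };
}
```

This covers only what arrives on the redirect URI; the 400 discussed in this thread is the HTTP status of the login page's own POST.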

Thanks, yes, you are right.

But anyway, the Microsoft Outlook application detects that your page has a 400 (Bad Request), hides your page and displays an error message. So, how does your form send this POST to the server? What does it use? Can I see the code? Or is this just a form submit?

Can you post an example of the behavior you are talking about? I’m not sure I fully understand your description.

Thanks
