Auth0 Home Blog Docs

Intermittent error: Unknown or invalid login ticket



We switched to auth0-js 9 from auth0-lock (10, then 11) a few weeks ago, and things were working swimmingly until Thursday morning, when some of our team members were suddenly unable to login or signup. We have the cross origin verification page setup, it works well, and we are even logging customers out before logging in or signing up, but still the intermittent error persists as follows:

"error": {
  "message": "Unknown or invalid login ticket.",
  "oauthError": "access_denied",
  "type": "oauth-authorization"

I see that this is occuring for others beginning around the same time:

What exactly does this error message mean? Can anyone help me discern where it comes from? I see the generic “third party cookies” and “browser not supported” responses, but this is an intermittent error that we’ve seen in chrome and safari, on various machines, that seems to usually go away when Auth0 cookies are cleared, and does not go away consistently when the Auth0 tenant logout url is visited.

Is there any documentation surrounding this specific error? Any response from Auth0 regarding the few of us who are seeing it with no consistent repro or explanation?

My PM received one generic response from Auth0 stating “Thanks for reaching out. Please look at our documentation on Cross-Origin Authentication…”, and nothing past that. Any thoughts from anyone? Anyone? …Bueller?

Get an error Unknown or invalid login ticket

Same here. We see it mostly on Safari.


Hi, Manuel,

We were able to connect with support, and it indeed seems like this is a CORS problem due to the auth0 upgrade. We’re about to switch to a custom domain, which appears to solve the problem. The documentation indicates that it’s still in beta, but it appears that with most flows it’s production ready.

Setting up the custom domain was trivial for us, and not having to deal with the CORS issues and having our own auth subdomain are definitely wins. It does appear to be developer (read: paid) accounts only, so if that’s your case, you may need to opt for the universal/hosted login.