Invalid Login State with Google

Overview

A user logging in with Google may get the following error, even if the default login route is set:

You may have pressed the back button

To reproduce this issue, follow these steps:

  1. Log in using a Google account that has not consented to share information during the OAuth flow.
  2. On the Google OAuth consent page, click Continue to consent to sharing information with our app. (Throttling your internet connection to Slow 3G beforehand helps reproduce the next step.)
  3. While the callback (https://<tenant_domain>/login/callback?...) is in flight, click Continue again. This triggers another request to Google and results in another callback with a different auth code.

Applies To

  • Google Connection
  • Authentication

Cause

When this article was created, the Google consent form allowed multiple clicks on the Continue button. A second click causes Google to send a second authorization code to the tenant /login/callback endpoint after Auth0 has already processed the first one successfully, which results in the error.

Solution

When this happens, the default login route is not used.

  • A workaround is to set a custom error page and handle it there by checking the query string parameters appended to the URL.
  • At this point, a redirection can be issued back to the app to start the login flow again.
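
One way to implement this workaround on a custom error page, as an added example that is not Auth0's code: it restarts login only for this specific error, takes the redirect target from a fixed allowlist rather than from the URL, and refuses to retry twice in a row. The parameter names `client_id` and `error_description`, the matched message text, the storage key, and all URLs and ids are assumptions to check against what your tenant actually appends.

```javascript
// Added example, not Auth0 code. Assumptions: the error page receives
// `client_id` and `error_description` query parameters, and the description
// contains the message quoted in the Overview. All URLs/ids are constructed.

// Fixed allowlist of login entry points, keyed by client_id. The redirect
// target is never read from the query string, so the page cannot be used
// as an open redirector.
const LOGIN_START_URLS = new Map([
  ["EXAMPLE_CLIENT_ID", "https://app.example.com/login"],
]);

// A second failure inside this window is shown to the user instead of
// retried, which prevents a redirect loop.
const RETRY_WINDOW_MS = 60000;

function decideAction(errorPageUrl, lastRetryMs, nowMs) {
  const params = new URL(errorPageUrl).searchParams;
  const description = params.get("error_description") || "";
  const loginUrl = LOGIN_START_URLS.get(params.get("client_id") || "");

  const isInvalidState = /pressed the back button/i.test(description);
  const retriedRecently =
    lastRetryMs !== null && nowMs - lastRetryMs < RETRY_WINDOW_MS;

  if (!isInvalidState || !loginUrl || retriedRecently) {
    return { action: "show_error" };
  }
  return { action: "redirect", location: loginUrl };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined") {
  const stored = window.sessionStorage.getItem("loginRetryAt");
  const last = stored === null ? null : Number(stored);
  const step = decideAction(window.location.href, last, Date.now());
  if (step.action === "redirect") {
    window.sessionStorage.setItem("loginRetryAt", String(Date.now()));
    window.location.replace(step.location);
  }
}
```

When `decideAction` returns `show_error`, the page should render its normal error content with a manual link back to the application.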