MFA with Duo stopped working

rpaligo · April 19, 2017, 2:37am

Beginning last night, the integration with Auth0 and Duo stopped working. This morning it began working again. This afternoon it is down. We have used this integration for almost two years. The logs in Auth0 show a successful log in. The logs in Duo show the same. Auth0 returns the following error to the application:

Error parsing hash URL. Check your scopes.

The logs in Auth0 show that the MFA completed:

"prompts": 
    {
      "name": "mfa",
      "initiatedAt": 1492544615079,
      "completedAt": 1492544631393,
      "performed_acr": 
        null
      ],
      "performed_amr": 
        "mfa"
      ],
      "elapsedTime": 16314
    }
  ],

Please help!

jmangelo · April 19, 2017, 6:10pm

A quick test shows that the Duo integration itself works; this is aligned with what you see in the logs in relation to the actual login being successful. Can you provide more information about the source of that error message? Is this a web application, what libraries are you using from Auth0 in the application? The more information you can provide the easier it is to troubleshoot the possible cause.

rpaligo · April 19, 2017, 9:06pm

Yes, this is a web application built using the MEAN stack. The error is thrown on line 1241 of the auth0-7.6.1.min.js file:

var f = c.description || c.message || c.error;
“PasswordStrengthError” === c.name && (f = “Password is not strong enough.”);
var g = Error.call(this, f);

All that the error message says is: Error parsing hash URL. Check your scopes.

jmangelo · April 20, 2017, 11:22pm

I was unable to repro with an application making use of Auth0.js 7.6.1 directly, so it may be related to additional libraries when used with Angular. Can you share a network capture, for example using Fiddler, of an interaction that reproduces the error? Be sure to remove any sensitive info from the trace and/or use a test account with disposable credentials or even share it in a password protected archive file (you could then share the password only to @auth0.com emails through sharelock.io).

rpaligo · April 21, 2017, 10:20pm

When I enabled the integration for the network capture that you requested I found that the integration was working once again. We have changed nothing on our side. Can that error message string be found anywhere inside of the Auth0 code base?