Monthly Quick Tips - January

Hey folks! Back with another installment of monthly quick tips on trending search terms in the community. Here are a handful from the past month:

Facebook login

  • CIC (Auth0) provides a Facebook Social Connection which allows your customers and employees to securely access your applications utilizing Facebook as identity provider - CIC also supports Facebook Login specifically for native applications.

jwt invalid signature

This can be a bit of a tricky error to troubleshoot, but here are a couple things to check:

  • If utilizing and getting “Invalid Signature” when attempting to decode an access token, this is most likely due to the fact that the token is opaque - You’ll need to include an audience param in your configuration of the /authorize request by way of an SDK or when manually constructing the url.

  • Secret Mismatch: The secret key used to verify the JWT signature on your server doesn’t match the one used to sign the token by Auth0.

  • Algorithm Mismatch: The algorithm specified in your verification method doesn’t match the algorithm used for signing by Auth0 (think RS256).

  • Configuration Issues: Incorrect Auth0 client settings and/or domain could also lead to this error.

too many redirects Safari

  • Review redirect URLs: Ensure that the redirect URLs specified in Auth0 and your application are correct and do not create a loop.

  • Verify your Auth0 application settings, especially the allowed callback URLs, logout URLs, and allowed origins.

  • Review the following FAQ:

has been blocked by cors policy: response to preflight request doesn't pass access control check: it does not have http ok status.

  • ​​Double-check that the “Allowed Web Origins” and “Allowed Origins (CORS)” fields in your Auth0 settings include the domain from which the request originates.

  • If you are running your application locally, ensure that the local host and port are also added to the Auth0 CORS settings.

failed to fetch. possible reasons: cors network failure url scheme must be "http" or "https" for cors request.

  • Check your browser’s console logs and network tab for more details on the failed request.

  • Make sure CORS is configured correctly on the Auth0 dashboard and in your server settings.

  • Verify the URL scheme to make sure it’s either HTTP or HTTPS.