Multiple Errors On Chrome Broswer

aseem · February 22, 2018, 11:20am

Hi,

Some of the users are getting some weird errors in chrome, its not happening to me when i am trying to login/register locally in chrome browser.

These are the log traces

"error": {
  "message": "Unknown or invalid login ticket.",
  "oauthError": "access_denied",
  "type": "oauth-authorization"
}
"error": {
  "message": "Unable to construct sso user.",
  "oauthError": "server_error",
  "type": "oauth-authorization"
}

I have disabled all the rules and webhooks, still few users are getting this error on chrome works fine on safari though ?

looks like cross origin authentication issue , i have already provided the Fallback for this in the code according to Cross-Origin Authentication
I am using custom embedded login page with auth0-js: 9.02

Occurred	an hour ago at  2018-02-22 02:14:42.790 UTC
Type	Failed cross origin authentication
Description	Unknown or invalid login ticket.

ricardo.batista · February 22, 2018, 3:18pm

Can you try updating to the latest Auth0.js v9.2.3 just to be sure it is not a bug already fixed in this version?

You an also check if you have added all Allowed Callback URLs, Allowed Web Origins and Allowed Origins (CORS) in the client settings. You can read more about these here:

https://auth0.com/docs/libraries/auth0js/v9/migration-v8-v9#configure-your-auth0-client-for-embedded-login

https://auth0.com/docs/clients/client-settings/regular-web-app#settings

Finally, the “Unable to construct sso user.” error can also happen if you’re trying to do silent authentication for a user that has been deleted from your database in Auth0. Is it possible that some logged in users where deleted?

aseem · February 23, 2018, 10:59am

Thanks for reply,

I have tried all the above steps, still the problem persists.
I was wondering if custom domain

is the answer but i am skeptical looking at the Beta tag on it.

ricardo.batista · February 23, 2018, 4:43pm

Also, according to the document you linked, cross origin authentication unfortunately isn’t supported for some browsers, listed in the browser support matrix. This table shows the current state of the cross origin authentication for browsers when 3rd party cookies are not enabled. E.g., if the 3rd party cookie is not enabled for Chrome in MacOS, CO login flow is not supported.

Rephrasing our recommendation from the same link, in order to avoid situations in which your users would be unable to authenticate, you may wish to ask your users to leave third party cookies enabled or to switch browsers. You could also simply inform users of the non-support of those browsers when third party cookies are disabled.

This limitation is another reason why the more practical solution, where possible, is to use the Hosted Login Page and circumvent this issue entirely.

meixner.tobias · February 23, 2018, 10:28pm

@ricardo.batista Getting the same error here starting from yesterday:
Unknown or invalid login ticket

Getting the same after upgrade to:
“auth0-js”: “^9.3.0”,
“auth0-lock”: “^11.1.0”

Domains are listed in CORS, Callback and Web Origins - seems to be an issue on Auth0 side?
This has been working the last weeks with errors popping up just yesterday.

david4 · February 23, 2018, 10:36pm

Any response from Auth0 on this? I know they don’t offer support to their free customers, but is there a way to raise the fact the product is currently broken?

ricardo.batista · February 23, 2018, 11:00pm

Are third-party cookies disabled on your browser? You can check this matrix for supported browsers.

If not, the best solution would be to move to the hosted login page, as stated here: Cross-Origin Authentication

v-matthew · February 24, 2018, 5:44am

+1 @ricardo.batista - My team started seeing this error yesterday morning, after migrating from lock to auth0-js 9.2.0 a few weeks ago. Hitting the logout url for the tenant seemed to fix this temporarily for all parties getting the error. I’ve not been able to reproduce on my machine, but various new user signups continue to exhibit this behavior. It’s not a third party cookies disabled issue, as it’s intermittent, and no one is sitting around toggling this feature. As for ‘moving to the hosted login page’, would love to hear a different solution from auth0 re: the inexplicable intermittency

Mikepat · February 27, 2018, 5:08am

@ricardo.batista

We are seeing the same intermittent error with Chrome. Using lock v9.2.3.

“error”: {
“message”: “Unknown or invalid login ticket.”,
“oauthError”: “access_denied”,
“type”: “oauth-authorization”
},

Any ideas?

konrad.sopala · August 27, 2019, 11:50am

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?