New setup getting a vague error

Get Help
,
1

Setting up a demo, getting login failure. I followed all of the instructions to get up a new application, everything is in place, but when the Authn request is made to Auth0, I get a non-descriptive error: “type”: “f”, “error”: {
“oauthError”: “invalid_request”,
“type”: “request-error”
},

I’m not sure what to do next. Everything the AI helper is saying is not really an issue, and I don’t know what is invalid about the request. I do have it signed, and the cert that I set up in the Application is the same one on my end.

The SAML implementation is custom on this end, so I can check/adjust anything. But with a vague error, I’m not sure what is wrong? Any ideas?

Thanks.

3

Here’s an example of my request (there’s noting sensitive here):

<?xml version="1.0" encoding="UTF-8"?>                                                                                                                                                     
  <AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_f26c757a-5d2d-4e4c-b534-8f66066d4530" Version="2.0" IssueInstant="2026-01-19T19:26:45Z"                                    
  Destination="https://dev-eectp3yvmhkxogwn.us.auth0.com/samlp/bZgtijsTG5bBtsri358KYnysEEwUA0Cq"                                                                                             
  AssertionConsumerServiceURL="https://api-via.dev.vaultara.com/station/saml/acs/27b8b8f2-8125-4cb8-8f9c-41a64604c5aa" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">     
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://station.dev.vaultara.com/saml/27b8b8f2-8125-4cb8-8f9c-41a64604c5aa</Issuer>                                                  
  <NameIDPolicy xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"></NameIDPolicy>                              
  </AuthnRequest>

It’s not signed, and I haven’t uploaded a cert to Auth0. Also, the user (mine) is already logged in, and authorized for this app. There’s no place to put Issuer/EntityId, but the callback URL is correct.

What next to check?

Thanks,

4

Finally, one more observation - I am getting two hits to the log in the Web UI - the second has my client Id, the first doesn’t. Otherwise they are exactly the same.

5

Found the issue - looks like the problem was on my end. Spaces in the request not properly encoded to base64.

Blaming Claude for it.

Thanks!

1 Like
6

Hi @david.richard

Welcome to the Auth0 Community!

Thank you for sharing this with the Community, I’m glad to hear that you’ve found the fix for the issue!
Wanted to add some more details here in case others encounter a similar issue of “oauthError”: “invalid_request”, “type”: “request-error”, this can usually indicate that the SAML Request is not valid in some way. You can use tools such as https://www.samltool.io/ to analyze a SAML Token and troubleshoot the issue.

Just to have these handy as well, I will share some documentations that could further help:

Please do not hesitate to reach out to us for any other issue or requests.

Have a great one!
Gerald

7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.