
Password login via OIDC-conformant problem


#1

We faced this issue sometimes. Not every time we log in.
We didn’t change anything in our product.

Password login via OIDC-conformant clients with externally-hosted login pages is unsupported. Alternatively, login could have been initiated from the wrong place (e.g., a bookmark)

Is there anything wrong here?
Or is it just an Auth0 bug?
Thanks


#2

We are seeing this error too, specifically for one user. Most other users can log in just fine. In my case the user in question is using a native app (same as all the other users), which uses the Auth0 Cordova module for login against the hosted login page.

Is there anything on a particular user’s device that would cause this error?


#3

The error you mentioned typically occurs when the state parameter is missing and you are using an OIDC-conformant client. Usually this problem occurs when users bookmark the /login URL that /authorize redirects to and attempt to log in directly.

The endpoint that the client application should redirect to is /authorize which is the entry point for redirect-based flows (https://auth0.com/docs/api/authentication#authorize-client).
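
An added example (not part of the original posts and not Auth0 or Cordova SDK code) of the flow post #3 describes: every login starts at /authorize with a fresh state value, and the callback is accepted only if that state comes back. The tenant URL, client ID, redirect URI and helper names are placeholders assumed for illustration; it runs under Node.js.

```javascript
// Added example: tenant, client ID and redirect URI are constructed placeholders.
const { randomBytes } = require("crypto");

const TENANT = "https://example-tenant.auth0.com"; // placeholder tenant
const pending = new Map(); // state -> expiry in ms; stands in for app/session storage

// Start every login at /authorize with a fresh, single-use state value.
function buildAuthorizeUrl(clientId, redirectUri, now = Date.now()) {
  const state = randomBytes(32).toString("hex");
  pending.set(state, now + 10 * 60 * 1000); // assumed 10-minute lifetime
  const url = new URL("/authorize", TENANT);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid profile",
    state,
  }).toString();
  return url.toString();
}

// A saved or bookmarked URL (for example /login) is never reused as the entry
// point: anything other than /authorize with a known state is replaced by a new request.
function loginEntryUrl(requestedHref, clientId, redirectUri) {
  const url = new URL(requestedHref);
  const usable = url.origin === TENANT && url.pathname === "/authorize" &&
    pending.has(url.searchParams.get("state"));
  return usable ? requestedHref : buildAuthorizeUrl(clientId, redirectUri);
}

// Accept a callback only if it returns a state this client issued and has not used.
function verifyCallback(callbackHref, now = Date.now()) {
  const state = new URL(callbackHref).searchParams.get("state");
  if (!state) return { ok: false, reason: "missing state" };
  const expiry = pending.get(state);
  pending.delete(state); // single use, even on failure
  if (expiry === undefined) return { ok: false, reason: "unknown state" };
  if (now > expiry) return { ok: false, reason: "expired state" };
  return { ok: true, reason: "state matched" };
}
```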


#4

Hi @jeremy.meiss - in our case we’re using the Auth0 Cordova package, which has its own authorize() method on it. That will do the redirecting to the endpoint it needs. So bookmarking shouldn’t be in play here.

Again, other users are able to log in with the same mobile app. Seems like some other factors can trigger this error on the Auth0 side…


#5

One other note. In the Auth0 logs, this user who is triggering this error does get a successful login event. So they get a successful login, but then this error in the logs. In their UI they end up seeing the “Oops!, Something went wrong” Auth0 page.