Now, I made a react application by using auth0-spa-js.
Our customer encountered the error in the title.
Although the universal login form was displayed then, after submitting the credential, he failed to log in.
(The screenshot is attached below.)
Our customer says he use a security software, called “menlo security”.
And The security soft does not support OpenID Connect completely.
What should I do to enable our customer to log in ?
IIRC, the 404 on that endpoint may not be indicative that the issue was related to the status code returned on that endpoint. At least it should not be looked at in isolation as the overall issue may be completely independent or at least not just related to that response code.
On the service side error page that you showed in the screenshot there will be most of the times some additional information like a tracking identifier or additional technical details. Can you confirm if when the error happens you have any of those present? With just that screenshot it may be complex, at least for me, to review this further.
Thank you for your reply.
I’ll explain more information about the screenshot error.
More Information for the screenshot
Password login via OIDC-conformant clients with externally-hosted login pages is unsupported. Alternatively, login could have been initiated from the wrong place (e.g., a bookmark).
According to auth0 dashboard log, there was the message.
However, my customer didn’t use the bookmark.
Some leads of my mind
About my program, I expose login route, where my code kick the redirect method to the auth0 login form, according to the following comment.
And Then I used Classic Universal Login.
About the emergent solution
Many times I try, I solved the problem by using New Universal Login instead of Classic.(I changed it at auth0 dashboard.)
After that, our customer succeeds to log in, and doesn’t encounter the error (POST https://<subdomain>.us.auth0.com/usernamepassword/challenge 404 not found)
I wonder why it is…
Because I wanted to use New Universal Login, I think it is nice.
But as I will introduce SSO function in the near future, I want to use home realm discovery which New Universal Login doesn’t support.
So, I want to know why the error occurred for the case that I will have to use Classic again.
The error message you mentioned is not associated with the endpoint in question as originally suspected. The reason you don’t see that 404 with the new universal login experience is simply because the new experience works differently in terms of flow so that endpoint is not used from the client-side.
However, the reason for the error was likely unrelated; I’m afraid that the error may be triggered by more than just bookmarks and in order to have a more definitive review of the issue we would need at least an HTTP trace of the login flow leading to the issue.