Problem with polymer app at login

We’ve been running a web app for 5 years using Auth0 and Azure AD.

We’ve not made any changes to the project in that time.

Suddenly around 18th October the login stopped working.

Any suggestions why?

Hi @Steve_Hilton,

Welcome back to the Auth0 Community.

Do you have any more information on what isn’t working? Do you see errors, behavior, etc.

This is the error message in console.

Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

That error is not likely to be related to the issue you’ve described. Can you describe what you mean by “not working”?

I.e. is the user not seeing the login page, are they not seeing the Azure login, are they not getting a token after successful login, etc.?

Screenshots, logs, any other evidence is helpful. Just be sure to obscure any sensitive data.


The app works by asking users to login. That would use Auth0 / AD and then show the data.

Since the problem the app has shown the login screen, allowed the user to enter their credentials but never given a token. In the Auth0 logs. This happens.

“date”: “2023-11-22T09:22:23.156Z”,
“type”: “f”,
“description”: “failed to obtain access token”,
“connection”: “WAzure”,
“connection_id”: “con_Q53nHgh7U7qjmkbo”,
“client_id”: “qIjHmQ4pSmQSHwQEHWwdN4Gu8TFrY5zl”,
“client_name”: “Polymer”,
“user_agent”: “Chrome 119.0.0 / Mac OS X 10.15.7”,
“details”: {
“body”: {},
“connection”: “WAzure”,
“error”: {
“message”: “failed to obtain access token”,
“oauthError”: “invalid_request”,
“type”: “request-error”,
“payload”: "{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app
“session_id”: “V7DwF9DoC5GLS2Izp20K1r31InxqYQ2V”,
“riskAssessment”: null
“hostname”: “”,
“strategy”: “waad”,
“strategy_type”: “enterprise”,

This looks like a good hint. Can you please confirm that your AAD client secret is correct in the Auth0 Dashboard → Authentication → Enterprise → {Your connection} settings? Did you rotate it at some point recently?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.