Auth0 Home Blog Docs

React SPA and "access_denied: Password login via OIDC-conformant clients with externally-hosted..."

oidc
#1

Hi,

I have a React SPA and added in Auth0 using the sample app provided. I keep getting this error, maybe 90% of attempted logins.

access_denied : Password login via OIDC-conformant clients with externally-hosted login pages is unsupported. Alternatively, login could have been initiated from the wrong place (e.g., a bookmark).

I’m not using externally hosted pages; I’m using the Auth0 provided dialog.

What does this error mean? Why am I getting it? Are the sample apps out of date?

Thanks,
Jeff

#3

Hi @jeffeld!

Welcome to the Auth0 Community!

Take a look at this response to a similar problem.

Let me know if this helps,
Dan

#4

Hi Dan,

Thanks for taking the time to reply; much appreciated.

I did have a look at some of the other issues where this error was being generated, but as I’m using the auth0-js npm module I’m not calling any endpoints directly.

I have figured out a rock solid repro case. The React sample app Auth0 supplies calls the login/logout methods in response to to a button click (and this works ok). My app calls the login/logout methods like this:

class SignInUi extends React.Component{
    render () {
        return null;
    }
    componentDidMount(): void {
        // Show the sign-in dialog
        auth.signIn();
        auth.renewSession();
    }
}

I did this so that login/logout can be called directly from the browser as a route. And this is the problem.

I feel that my use case is valid and the problem lay within the SDK.

I’d be interested to know your thoughts.

Many thanks,
Jeff

EDIT: For the moment, I’m doing the same as the sample app but I’d like to be able to implement login/logout via routes and not click handlers.

#5

@jeffeld,

Sorry for the delay in response.

Are you having any luck figuring this one out?

Best,
Dan