In Internet Explorer when I try to login to my application locally, I receive the exception ‘Unknown or invalid login ticket’. I have also seen this happening in Chrome after a change has been pushed on the client side and clearing the cache and cookies fixes it. In addition, I’m also getting an error saying that there’s is a missing parameter: code in my query.
-
My questions are, what is causing the error?
My feeling is that the browsers are hanging on to an already retrieved token since clearing the cache and cookies usually corrects the issue.
If this is the case, how would I go about fixing this without having the user clear their cache and cookies each time?
Here’s the Lock Constructor method I call when a user logs in:
getLoginLockConstructorOptions = (returnUrl: string): Auth0LockConstructorOptions => {
// create an options object
var options: Auth0LockConstructorOptions = {
theme: {
logo: ‘/assets/img/login_logo_new.png’
},
allowForgotPassword: true,
rememberLastLogin: false,
allowSignUp: false,
avatar: null,
closable: true,
auth: {
sso: false,
params: { scope: ‘openid profile’ },
redirectUrl: window.location.protocol + ‘//’ + window.location.host + ‘/LoginCallback.ashx?returnUrl=’ + returnUrl,
responseType: ‘code’
},
languageDictionary: {
title: ‘Login’
}
};
// return the options
return options;
};
My localhost is in the allowed origins, allowed web origins, and login callback lists.
Looking in my logs, I can see that cross origin authentication is successful on both IE and Chrome within my production environment.