Safari - Unable to configure verification page

kamran.khan · October 31, 2018, 9:50am

I have been using Auth0 for a long time now. The Auth0 lock ive implemented stopped working recently in safari. (Works in Chrome and Firefox).

This is the error message from the console.

{error: “server_error”, errorDescription: “Unable to configure verification page.”, state: “w5Eu5lhRuqQ_O-m284pB~sXDLwoZ6_Iz”} = $1

error: "access_denied"

errorDescription: "Unknown or invalid login ticket."

state: "7BJNDOb8JqYwVXkN41Exp.orU80lJQEf"

Code snippet or sample project that reproduces the bug

Angular

    constructor(private router: Router, private jwtService: JwtService) {

        this.lock.on('authenticated', (authResult: any) => {
            if (authResult && authResult.accessToken && authResult.idToken) {
                this.setSession(authResult);
            }
        });
        
       // This is firing and the above console message comes from here.
        this.lock.on('authorization_error', error => {
            console.log('Auth Failed', error);
        });
    }

    private setSession(authResult): void {

        this.lock.getUserInfo(authResult.accessToken, (error, profile) => {
            if (error) {
                throw new Error(error);
            }
            this.setProfileToken(authResult.idToken);
            localStorage.setItem('token', authResult.idToken);
            localStorage.setItem('profile', JSON.stringify(profile));
            this.router.navigate(['/']);
        });
    }

Screenshots when appropriate
Lock version

"auth0-js": "^9.8.0",
"auth0-lock": "^11.10.0",

Browser & OS

Browser: Version 11.0.3 (13604.5.6)
OS: macOS High Sierra version 10.13.3

Please tell me what i should do to fix this

konrad.sopala · October 31, 2018, 11:40am

Hey there @kamran.khan!

Can you let me know if you’ve made any changes to the code before this happened or it just immediately stopped working for Safari?

This kind of error: “Unknown or invalid login ticket” is most likely due to blocking of 3rd party cookies in the browser. I would suggest looking into implementing the Cross-Origin Verification Page

as this has resolved the issue in some cases. Other solutions would include moving to Universal Login

or implementing custom domains

this way the cookies are no longer third-party and are not blocked by browsers.

Let me know if that helps!

kamran.khan · October 31, 2018, 11:51am

Hey, @konrad.sopala

I can confirm it just immediately stopped working without any code changes.

We use auth0 lock on our webpage you can see here. https://reports.hellosoda-test.com. We have multiple websites that use auth0 lock. we have both a test and production tenants.

So i just looked at Cross-origin Authentication page you linked to thank you. In that documentation there are 2 solutions “Custom Domain” and “Cross-origin verification page”. You are recommending the “Cross-origin verification page” solution, can i ask why? Are there benefits and drawbacks to each you could kindly and briefly list?

Im looking for the easiest solution to get up and running again on safari.

konrad.sopala · October 31, 2018, 12:15pm

I do not suggest using specifically any of those (Cross-Origin Authentication, Universal Login, Custom Domains) I mean all of them should solve your issue and require approximately the same effort, but basically you need to keep a few things in mind:

To configure a custom domain you have to upgrade your account to any paid plan
https://manage.auth0.com/#/tenant/billing/subscription
Collecting user credentials in an application served from one origin and then sending them to another origin can present certain security vulnerabilities and cross-origin authentication flow which makes use of third-party cookies
Because cross-origin authentication is achieved using third-party cookies, disabling third-party cookies will make cross-origin authentication fail.
In terms of custom domains you must register and own the domain name to which you are mapping your
Auth0 domain
It is recommended that you use custom domains with Universal Login for the most seamless and secure experience for your end users

I know it seems like a lot of new stuff but that’s the case/issue that our users happen to come across from time to time and it’s because of 3rd party stack. If you want to see their cases here are some of them:

Let me know if that helps!

system · December 4, 2018, 11:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.