The server responded with a status of 400 for /authorize


I am trying to use Auth0 for my react app, I did the basic configurations as given in the get started pages and sample code. I am able to login, but I often get the 400 error for the /authorize endpoint as well as “Could not get a new token (timeout: Timeout during executing web_message communication).” error while I try to renew the token.

I am not sure what is causing this, if there is anything I have configured wrong, I need help in figuring that out.

Hi @vishwasnavadak ,

  • HTTP 400 : means:-> BAD REQUEST.
  • Check for any missing parameters (declared below) .

Are you generating the URL yourself or through some service?

Is this happening a lot of times ?
If yes ,
Can you share the technical details panel in the page (redacted).

You can go to Dashboard -> Logs , and see the details there .

As per my understanding the /authorise ,must have :
client_id= SOME_CLIENT_ID
response_type= token%20id_token
redirect_uri= http://localhost:9090/callback
scope= openid%20email%20profile
nonce= test
auth0Client= eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xMC4yIn0%3D

I am just using sample code for react. It is happening all the time.

I don’t see any errors in the error logs. The login is getting completed successfully.

Below is my auth config.

auth0 = new auth0.WebAuth({
domain: auth.domain,
clientID: auth.clientID,
redirectUri: auth.redirectUri,
responseType: “token id_token”,
scope: “openid”,
audience: auth.audience,
issuer: auth.issuer

Should I try adding email and profile to the scope?


Hi @vishwasnavadak ,
My configuration Looks like this :
auth0 = new auth0.WebAuth({
domain: “”,
clientID: “gh245d45fgdfsghdfggCCC”,
redirectUri: “”,
scope: ‘openid email profile’,
responseType: ‘token id_token’,

PS : The redirectUri ,must also be present in the dashboard->Application -> Allowed callback urls. You need to add the callback uri there.

Can you share the error you are getting with the ?
My set-up info : chrome (72) , linux. ( Auth0 - version 9.1)

Are you using the Github project from Auth0 ( for react) .
Are you using the “01-Login” or another module ?

Yes @adb, I am using 01-Login, Here is the screenshot of the console.

Running on Chrome 73 on OS X.

Link to the code:

Hi @vishwasnavadak,
I don’t think “” is very chaotic (it’s the same for me , I also get a 404 for it).

What data you got on the 302-http-response to “localhost:3000/callback” ?(is it the same error ,error desc.)
can you share the logs /technical details .

Open Network-tab ( in developer mode/ F12)

In " Request URL:…". -with a 302 http
you must be getting Response headers " . what is the value of location key.?

Hi @vishwasnavadak,
Your code was running succesfully.
I was able to login via both google and username-password .

The config I used in Auth.js …
auth0 = new auth0.WebAuth({
domain: “”,
clientID: “CLIENT_ID”,
redirectUri: “http://localhost:3000/callback”,
responseType: “token id_token”,
scope: “openid email profile”

Hi, The login is working for me as well. the /authorize error I am getting is after the login and the token gets lost after the expiry time instead of getting renewed. Hence logging me out of the page.

Here is the response for /callback.

I goes something like this :

http://localhost:3000 => => credentials here) => http://localhost:3000/callback#access_token

Are you trying to log-in using username-pwd or google-oauth ?

I have incorporated some change in github-code , can you run that one ?
I have commented the “this.scheduleRenewal()” and certain params from "auth0 = new auth0.WebAuth({… " in Auth.js.

Tell how this one works out.

I need something like this :

Do you see a “/authorize?..” with a 302-http response ( you can use the preserve-log functionality of chrome-developer-Network)

1 Like

I am using google-oauth. I tried putting the patch you gave. The result is still the same.
I have configured the callback in the auth0 dashboard as well.

The /authorize gets called multiple times. Once the login is success and comes back to the logged in page of my application, /authorize throws error 400. I have put the screencast in .

Let me know your thoughts.

Here are the screenshots for the failed /authorize call.

Hi @vishwasnavadak ,
The 400 you are getting is beacuse of " renewSession() call" in dashboard.js, comment that one out till you truly understand the flow of Auth0. It’s not very chaotic. :slight_smile:

Auth.js - My custom flovour

Now , in Auth.js -> setSession(authResult) , you must store {accessToken , idToken , expiresAt} in localStorage .

Then , in Auth.js -> constructor() , you must get all the items and store them in Auth-component-variables.

Then , maybe try the renewSession().

1 Like


Now I understand the issue properly. I was thinking to cache them in localstorage. Good to know I was going in right direction.

Thanks for the help.

1 Like

Thank you a lot @adb for adding your knowledge to this one!


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.