Unable to configure verification page

hi everyone,

I am trying to use embedded login flow ( in my case I cannot use universal login) with cordova app using auth0.js v9.x.x.

So far, I have already configured to login on desktop browser (chrome). After login I get redirected to redirectionURL along with the authorization code.

Example:
http://localhost/callback?code=GcoEluboW3HneyuD&state=7kKXEnDzeg3jwQk1xNyfgvrDSSvaOg50

But when I run the same code on app (cordova), I login then the app launches chrome to redirect me to the redirectionURL but with errors on URL.

Example:
http://localhost/callback?error=server_error&error_description=Unable%20to%20configure%20verification%20page.&state=B0asLa4HFnr576wUz8jw.Cj9KmSPAj0x

(later on production enviroment I will replace localhost with a hosted site)

Why is the same code not working on mobile ?

Any help would be appreciated. My chrome browser on phone does not have third party cookies disabled.

1 Like

Hi @biswas.khayargoli,
Also , I think you need to change localhost to some-ip (like 192.168.1.10 ) .
Add this ip on Dashboard-> Application → allowed callback URLs ( http://192.168.1.10/callback ).

Can you go to Dashboard->Logs , and share it here … (redacted-logs).
Please share your browser-details..

Sometimes this can happen due to cross-origin .

Rudimentary questions :

  1. Have you added “http://localhost/callback” in your allowed callback URLs ( in Dashboard-> Application → allowed callback URLs ).
  2. Why not use app-based-URLs to get the access_token (like com.mycompany.myapp://auth0data/callback …) ?

hi @adb

Yes, I have enabled http://localhost/callback on dashboard “Allowed callback URLs”.

Here are the logs and it also has browser details:

{
  "date": "2019-04-30T11:22:44.504Z",
  "type": "fcoa",
  "description": "Unable to configure verification page.",
  "connection": null,
  "connection_id": "",
  "client_id": "0aTevsdjXiw86uvEwF0P3VF3Kzv9fPpN",
  "client_name": "Smartflow",
  "ip": "202.166.201.74",
  "user_agent": "Chrome Mobile 74.0.3729 / Android 0.0.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "0aTevsdjXiw86uvEwF0P3VF3Kzv9fPpN",
      "response_type": "code",
      "scope": "openid profile email offline_access",
      "audience": "----------------------",
      "realm": "Username-Password-Authentication",
      "state": "hAx8VaOcvkeb3eT2cG3su~XK11vM1msA",
      "login_ticket": "ewCIQUlHS50eSl5JJ7rIvHBYgZhyhQot",
      "auth0Client": "eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xMC4yIn0="
    },
    "error": {
      "message": "Unable to configure verification page.",
      "oauthError": "server_error",
      "type": "oauth-authorization"
    },
    "session_id": "FkeLhDj96kqxCpKGkIp9oNlTuZJxPn5C"
  },
  "hostname": "-----",
  "audience": "-----------------",
  "scope": [
    "openid",
    "profile",
    "email",
    "offline_access"
  ],
  "auth0_client": {
    "name": "auth0.js",
    "version": "9.10.2"
  },
  "log_id": "90020190430112244504507827383495950023355557582406011392",
  "isMobile": true
}

Hi @biswas.khayargoli ,
What is your method of authentication username-pwd OR google-oauth ?

Also , i think you need to change localhost to some-ip …

Would recommend enabling cross-origin , more info @:
Cross-Origin Authentication

I am using username pwd as authentication method.
@adb I tried changing callback URL to http://192.168.1.10/callback but it redirects with same issue.

http://192.168.1.10/callback?error=server_error&error_description=Unable%20to%20configure%20verification%20page.&state=B0asLa4HFnr576wUz8jw.Cj9KmSPAj0x

From your previous post:

  1. Why not use app-based-URLs to get the access_token (like com.mycompany.myapp://auth0data/callback …) ?

How does this work can you explain breifly?

hi @adb

I did try usin the app based url on the redirect url.

I used it as:

YOUR_PACKAGE_ID://YOUR_DOMAIN/cordova/YOUR_PACKAGE_ID/callback

Replaced it with my app specific domain and package name, but still have the same problem.

I was successfully redirected back to my app, but the url obtained as callback was:

YOUR_PACKAGE_ID://YOUR_DOMAIN/cordova/YOUR_PACKAGE_ID/callback?error=server_error&error_description=Unable%20to%20configure%20verification%20page.&state=uKXPhgCtT8icCc.o6jmPCfBSdNCvpOe4

Could anyone please help me get the auth code back to my app?

Hi folks,

I am facing the same issue. This is my log output:

{
  "date": "2019-05-09T09:29:03.008Z",
  "type": "fcoa",
  "description": "Unable to configure verification page.",
  "connection": null,
  "connection_id": "",
  "client_id": "<HIDDEN>",
  "client_name": "---",
  "ip": "<HIDDEN>",
  "user_agent": "Firefox 65.0.0 / Mac OS X 10.14.0",
  "details": {
    "body": {},
    "qs": {
      "client_id": "<HIDDEN>",
      "response_type": "token id_token",
      "redirect_uri": "https://my_custom_domain/login",
      "scope": "openid profile email",
      "nonce": "<HIDDEN>",
      "state": "<HIDDEN>",
      "realm": "Username-Password-Authentication",
      "login_ticket": "<HIDDEN>",
      "response_mode": "web_message",
      "prompt": "none",
      "auth0Client": "<HIDDEN>"
    },
    "error": {
      "message": "Unable to configure verification page.",
      "oauthError": "server_error",
      "type": "oauth-authorization"
    },
    "session_id": "<HIDDEN>"
  },
  "hostname": "<HIDDEN>.auth0.com",
  "audience": "https://<HIDDEN>.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "auth0_client": {
    "name": "lock.js",
    "version": "11.14.0",
    "lib_version": {
      "raw": "9.10.0"
    }
  },
  "log_id": "<HIDDEN>",
  "isMobile": false
}

@bruno.cascio my client has the same issue but it seems to be intermittent

Hey @ravil,

I fixed this following the docs about cross origin. Cross-Origin Authentication

I had the same interminet issue. It’s because some browsers don’t allow cookies. (e.g. safari, ie, edge, and some mobile browsers). Also, users could explicitly set “Do not track” option in their devices/browsers.

Hi @bruno.cascio thanks for that )
Do you have a custom domain (while we are on a free tier)?

In my case it seems to be related to clients browser - it is identified as
Apache-HttpClient 4.5.2 / Other 0.0.0 - which is a bit weird (it might be a tor-based smth like orweb, orfox or a kind of an app that implements apache-client based on java)

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?