Auth0 Home Blog Docs

Unable to validate session-bound result token

login-error

#1

Hi Team,
when we leave the hoisted login page of our application for a long time.It goes to error page of auth0 with error – Unable to validate session-bound result token.

{
“date”: “2018-08-03T06:43:20.954Z”,
“type”: “f”,
“description”: “Unable to validate session-bound result token.”,
“connection”: “Username-Password-Authentication”,
“connection_id”: “con_0OSTu5DYjGIPhuah”,
“client_id”: “0viZBdFDGCNE1STH5JS2XJz6lsULH9Ri”,
“client_name”: “”,
“ip”: “”,
“user_agent”: “Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0”,
“details”: {
“body”: {
“wa”: “wsignin1.0”,
“wresult”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyX2lkIjoiNWI0NTk1MmVjOThhNTM1NmE5OTk3ODQ1IiwiZW1haWwiOiJ5dWFuc2hlbmcueHVAc2llbWVucy5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibGFzdF9wYXNzd29yZF9yZXNldCI6IjIwMTgtMDctMTJUMDg6MTQ6NTUuMDE4WiIsInNpZCI6Ik5xNzhGdWpMRDdueEo1SnBvbDVjRHZRbWhWVW1vYlgtIiwianRpIjoiNWI2M2Y5ODhkODhhNjk0MDFjYTA3ZDYxIiwiaWF0IjoxNTMzMjc4NjAwLCJleHAiOjE1MzMyNzg2NjAsImF1ZCI6InVybjphdXRoMDpzaHNwcm9kOlVzZXJuYW1lLVBhc3N3b3JkLUF1dGhlbnRpY2F0aW9uIiwiaXNzIjoidXJuOmF1dGgwIn0.h4I_G4SfPpcPUriHWETH5S5sL8t_YgiFIuqjCHcvWrFPCThmCvP8O1yu1Th6EjSfJTiH7p7I_FobfcsygwWgMsxq8GmY8krnms3a3ZAAE5o5AKx3Hu4WUd89L8Az0K27TL3Ogtct3PW31pcpFLv8nsDklHw5EVfS1bILOlbQc98”,
“wctx”: "{“strategy”:“auth0”,“auth0Client”:“eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4yLjMifQ==”,“tenant”:“shsprod”,“connection”:“Username-Password-Authentication”,“client_id”:“0viZBdFDGCNE1STH5JS2XJz6lsULH9Ri”,“response_type”:“code”,“scope”:“openid email”,“redirect_uri”:"https://webclient-cut.eu.api.teamplay.siemens.com/login.html#/",“state”:“DJWCPVj_eAI9dBtvmt6qshv0H_RB7_XW”,“nonce”:“St5GR8NnjKr~XKa3”,“sid”:“Nq78FujLD7nxJ5Jpol5cDvQmhVUmobX-”,“audience”:“https://shsprod.eu.auth0.com/userinfo”,“jti”:“5b63f988d88a69401ca07d61”,“realm”:“Username-Password-Authentication”,“session_user”:“5b63f988bd4d6b7e562c1a98”}"
},
“qs”: {},
“connection”: “Username-Password-Authentication”,
“error”: {
“message”: “Unable to validate session-bound result token.”,
“oauthError”: “invalid_request”,
“type”: “request-error”
}
},
“hostname”: “”,
“log_id”: “90020180803064320954636544350907313481545897783823695874”
}


#2

There is a session timeout. I don’t know what the exact time is, it is something like 30 minutes or maybe a couple of hours. That timer starts when you redirect to /authorize, if the login doesn’t happen within that session timeout, then you can end up getting errors. You should be able to handle that error and redirect them back to the login page from your callback though, with some sort of “session timed out error, please log in again”.


#3

Just encountered same issue. Carlos, could you clarify how it can be handled?