Auth0 Home Blog Docs

URGENT : need help auth0 redirection error

Hi All,

I have integrated auth0 in my react SPA. On calling auth.login() on startup , I get a login prompt and when I try to login with my gmail account, I see the callback error in browser address bar as:-

http:/localhost:5000/callback#error=access_denied&error_description=Cannot read property ‘hierarchy’ of undefined&state=twkp-gb0gYIs1MgNSBEoacMgjOUlt_aI

Upon checking the network tab, I don’t see any API response for the authorize call. I am clueless as to what’s wrong. Pointers to fix this would be appreciated.


HI Saurabh
The error you are getting is most likely caused by a rule. You most likely have something like someObject.hierarchy in the code, and someObject is null or undefined.
If you are trying to access the user’s app_metadata or user_metadata, make sure to check if these fields are null before trying to read their properties.

Thanks Nicholas. I have already fixed that. Now I get a new error in . handleAuthentication as below:-

auth0.min.esm.js:8 Refused to connect to ‘’ because it violates the following Content Security Policy directive: “default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ http://localhost:5000”. Note that ‘connect-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

Request._end @ auth0.min.esm.js:8
Request.end @ auth0.min.esm.js:8
getJWKS @ auth0.min.esm.js:8
…/node_modules/auth0-js/dist/auth0.min.esm.js.IdTokenVerifier.getRsaVerifier @ auth0.min.esm.js:8
…/node_modules/auth0-js/dist/auth0.min.esm.js.IdTokenVerifier.verify @ auth0.min.esm.js:8
…/node_modules/auth0-js/dist/auth0.min.esm.js.WebAuth.validateToken @ auth0.min.esm.js:8
…/node_modules/auth0-js/dist/auth0.min.esm.js.WebAuth.validateAuthenticationResponse @ auth0.min.esm.js:8
…/node_modules/auth0-js/dist/auth0.min.esm.js.WebAuth.parseHash @ auth0.min.esm.js:8
handleAuthentication @ Auth.js:39
Callback.render @ Callback.tsx:55
finishClassComponent @ react-dom.development.js:14301
updateClassComponent @ react-dom.development.js:14264
beginWork @ react-dom.development.js:15082
performUnitOfWork @ react-dom.development.js:17820
workLoop @ react-dom.development.js:17860
renderRoot @ react-dom.development.js:17946
performWorkOnRoot @ react-dom.development.js:18837
performWork @ react-dom.development.js:18749
performSyncWork @ react-dom.development.js:18723
requestWork @ react-dom.development.js:18592
scheduleWork @ react-dom.development.js:18401
scheduleRootUpdate @ react-dom.development.js:19069
updateContainerAtExpirationTime @ react-dom.development.js:19097
updateContainer @ react-dom.development.js:19154
…/node_modules/react-dom/cjs/react-dom.development.js.ReactRoot.render @ react-dom.development.js:19416
(anonymous) @ react-dom.development.js:19556
unbatchedUpdates @ react-dom.development.js:18952
legacyRenderSubtreeIntoContainer @ react-dom.development.js:19552
render @ react-dom.development.js:19613
./main.js @ main.js:55
webpack_require @ bootstrap:724
fn @ bootstrap:101
1 @ app-9de285935ddc8f5764a2-js.js:112542
webpack_require @ bootstrap:724
(anonymous) @ bootstrap:791
(anonymous) @ bootstrap:791
Auth.js:44 {error: “invalid_token”, errorDescription: “Request has been terminated↵Possible causes: the n…ol-Allow-Origin, the page is being unloaded, etc.”} ----------- This is the error I get in authentication now…

Any clues ?

Hi Nicholas,

This error is resolved now. In my application I want to redirect users to a non callback URL after successful login/authentication. The sample auth0 applications don’t seem to have an example like this. Could you please point me to a demo app which does this and I can refer and replicate ?

1 Like

Hi again. Not sure what you mean by “redirect users to a non callback URL”. Can you clarify?

HI Nicholas,

Thanks for getting back. All issues resolved for now. What I meant was after logging in, users will first go to /callback route and then I need to redirect them back to the home page which is the root “/”. I have implemented that and session timeout is also working now !!

If I run into anymore issues hereafter, will get back to you.

Hi Nicholas,

Now all is good except during logout, I get this message:-

Access to XMLHttpRequest at ‘’ from origin ‘http://localhost:5000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

What setting am I missing ?


That means that you need to whitelist the http://localhost:5000 domain if you wish to use embedded login.

Thanks, where is that setting ? I have added localhost:5000 everywhere in the origin/callback/logout settings in the app but to no avail.

Also I have one more issue which is linked to timeout error in token renewal.

I have a setInterval which renews the token after expiry but its not working. I get HTTP 400 error in authorize call and the response is an HTML as below:-

There could be a misconfiguration in the system or a service outage. We track these errors automatically, but if the problem persists feel free to contact us.
Please try again.

I added http://localhost:5000 to the list of allowed domains. Now I get login_required immediately after loggin in. Not sure what’s going on as I get different behaviour every time I change some setting.

I am using cookie to set isLoggedIn and validate the session, but after logging in, it sets the cookie and after sometime renewSession throws and error forcing logout and cookie deletion.

Please advise. HAR file attached. (1.4 MB)

Can you try configuring your own keys for the Google social connection? Using the developer keys might be getting in the way here…

I am having this same issue and cannot find a solution anywhere. I have third party cookies enabled.