I’ve been using auth0-js for almost a year and it has been working well. Suddenly today the login stopped working, without any change to the code or hosting environment. I can’t see any status problems with auth0 and the status pages show 100% uptime with no known issues.
When that promise is returned I get an accessToken (16 chars), an idToken, an expiresIn time of 86400, type is “Bearer” and scope is “openid profile email address phone”.
After that I call webAuth.client.userInfo(result.accessToken, (err, user) => { … }); according to this: Auth0.js v9 Reference
That call usually gives me the user.sub that I need. However, today this /userinfo call suddenly started to give 401 answers with this error object:
No error description, nothing in the auth0 logs (except a successful login), no status problems with auth0 service, no anomalies detected in my auth0 portal.
How can I debug this? Is this a service problem or is it a problem with my code?
Unfortunately I cannot share the code and I haven’t had the time to put a repro repo yet.
This is CRITICAL since none of our end users can log in to our service right now.
@jin.choi ah, good that I’m not alone. But still (really) bad for me. Do you have any ideas of workarounds? I read in another thread that a delay between login and userinfo helped but it is not helping me. This thread: Intermittent 401 unauthorized response - Auth0 Community
I too can confirm that the login system is not working.
We are having issues with Auth0 Rules. Everything processes correctly according to the debugger, but then client side reports 500 errors.
Sorry, I have no clue. I just discovered this bug a few minutes before I posted. The logs don’t show anything. I just updated auth0-js, but that didn’t help.
I can also add that I tried upgrading to the latest auth0-js on NPM (8.10.1) but it did not help, I got the exact same error.
Also, if I send “incorrect” as accessToken to the userinfo call I get an error with an error description: “invalid_credentials” but when I send the (correct) accessToken I get a description: null. Seems a bit odd.
We’re seeing the same issue. When attempting to hit /userinfo following username+password authentication we get a 401 from auth0. The API logs indicate successful authentication, but that’s it. This is happening in all three of our tenants.
I can also confirm this isn’t working on our end either. It’s been working for months and even worked a couple hours or so ago but it’s borked now. I can confirm their error message
The access token signature could not be validated. A common cause of this is requesting multiple audiences for an access token signed with HS256, as that signature scheme requires only a single recipient for its security. Please change your API to employ RS256 if you wish to have multiple audiences for your access tokens
is junk because the API is RS256 and the token looks like below (obviously sensitive data removed)