Auth0 Home Blog Docs

Username and Password Login in hosted page sending 403 error


#1

We have tried every possible combination and resource but currently auth0 sends a 403 on every login or sign up attempt, even when trying the database connection (calling /authorize)

We are using a hosted page since a year and the problem seems to appear just recently.

I tried upgrading to lock 11, copy pasting params and default states and nothing, currently this is the code used (hiding username and password login to avoid the bug):

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Identifícate para Navegar</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>

  <!--[if IE 8]>
  <script src="//cdnjs.cloudflare.com/ajax/libs/ie8/0.2.5/ie8.js"></script>
  <![endif]-->

  <!--[if lte IE 9]>
  <script src="https://cdn.auth0.com/js/base64.js"></script>
  <script src="https://cdn.auth0.com/js/es5-shim.min.js"></script>
  <![endif]-->
  <script src="https://cdn.auth0.com/js/lock/11.9.1/lock.min.js"></script>
  
  <script>
    // Decode utf8 characters properly
    var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));
    config.extraParams = config.extraParams || {};
    var connection = config.connection;
    var prompt = config.prompt;
    var languageDictionary;
    var language = "ES";
    var params = {scope: 'openid profile'};
                  params.state = location.search;
    if (config.dict && config.dict.signin && config.dict.signin.title) {
      languageDictionary = { title: config.dict.signin.title,
                             signUpTerms: "He leído y acepto los <a href='https://www.eknowifi.com/privacy' target='_new'>Términos de Uso</a> del servicio."
                           };
    } else if (typeof config.dict === 'string') {
      language = config.dict;
    }
    var loginHint = config.extraParams.login_hint;
    
    var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
      auth: {
        redirectUrl: "https://app.eknowifi.com/loggedin",
        responseType: 'code',
        params: params,
        audience : "https://ekno.auth0.com/userinfo",        
      },
      assetsUrl:  config.assetsUrl,
      rememberLastLogin: !prompt,
      language: language,
      languageDictionary: languageDictionary,
      theme: {
        logo: 'https://app.eknowifi.com/images/logos/logo.png',
        primaryColor:    'green',
      },
      mustAcceptTerms: true,
      oidcConformant: false,
      allowShowPassword: true,
      autofocus: true,   
      sso: false,
      allowedConnections: ['facebook','twitter'],     
      socialButtonStyle: 'big',
      prefill: loginHint ? { email: loginHint, username: loginHint } : null,
      closable: false,
      // uncomment if you want small buttons for social providers
      // socialButtonStyle: 'small'
    });
    
    lock.show();
  </script>
   
</body>
</html>