Username and Password Login in hosted page sending 403 error

We have tried every possible combination and resource but currently auth0 sends a 403 on every login or sign up attempt, even when trying the database connection (calling /authorize)

We are using a hosted page since a year and the problem seems to appear just recently.

I tried upgrading to lock 11, copy pasting params and default states and nothing, currently this is the code used (hiding username and password login to avoid the bug):

<!DOCTYPE html>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Identifícate para Navegar</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />

  <!--[if IE 8]>
  <script src="//"></script>

  <!--[if lte IE 9]>
  <script src=""></script>
  <script src=""></script>
  <script src=""></script>
    // Decode utf8 characters properly
    var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));
    config.extraParams = config.extraParams || {};
    var connection = config.connection;
    var prompt = config.prompt;
    var languageDictionary;
    var language = "ES";
    var params = {scope: 'openid profile'};
                  params.state =;
    if (config.dict && config.dict.signin && config.dict.signin.title) {
      languageDictionary = { title: config.dict.signin.title,
                             signUpTerms: "He leído y acepto los <a href='' target='_new'>Términos de Uso</a> del servicio."
    } else if (typeof config.dict === 'string') {
      language = config.dict;
    var loginHint = config.extraParams.login_hint;
    var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
      auth: {
        redirectUrl: "",
        responseType: 'code',
        params: params,
        audience : "",        
      assetsUrl:  config.assetsUrl,
      rememberLastLogin: !prompt,
      language: language,
      languageDictionary: languageDictionary,
      theme: {
        logo: '',
        primaryColor:    'green',
      mustAcceptTerms: true,
      oidcConformant: false,
      allowShowPassword: true,
      autofocus: true,   
      sso: false,
      allowedConnections: ['facebook','twitter'],     
      socialButtonStyle: 'big',
      prefill: loginHint ? { email: loginHint, username: loginHint } : null,
      closable: false,
      // uncomment if you want small buttons for social providers
      // socialButtonStyle: 'small'
1 Like

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?