/usernamepassword/login 401 error

When all my users try to log in, we get blank error, on inspect i get https://domain-url/usernamepassword/login 401 error. Can someone help? has anyone faced this before, and what was your solution?

Hi @marcel3,

Thanks for reaching out to the Auth0 Community!

I understand that your end users are encountering errors logging in.

To help me better understand what is going on, could you please share a HAR File capture of the authentication flow and send it over as a direct message? Please be sure to select “Preserve log” to catch redirects and scrub the file of user passwords before sending.

Thank you.

Hi @marcel3,

After looking at your HAR file, I found the authentication flow failing because the user could not verify the CAPTCHA challenge correctly.

The POST request call to the /usernamepassword/challenge endpoint returns a CAPTCHA which the user logging in needs to verify correctly to authenticate. When failing to verify the CAPTCHA correctly, the user will get a 401 status code error.

For now, I recommend that you disable Bot Detection in your Auth0 Attack Protection Settings by setting the Enable CAPTCHA option to Never.

Doing so will allow these users to log in. I’d like to emphasize that while it is okay to disable Bot Detection for testing, it is preferred to re-enable Bot Detection for production.

Please let me know if there are any questions.

Thank you.

I checked our auth0 dashboard and the Enable CAPTCHA option is set to Never but still getting the error. Kindly also note that the login page is the one provided by auth0 so can’t debug much from my end. Would you know what else would be the problem

Hi @marcel3,

I have done a deeper investigation and discovered a couple of things that may be the source of the issue.

First, I noticed that your Universal Login Page authenticates the user against the Username-Password-Authentication Database Connection:

var databaseConnection = 'Username-Password-Authentication';

Because of this, any user not in this database will not be able to log in to your application.

Second, I found that your Username-Password-Authentication Database Connection has enabled Custom Database without implementing any of the Database Action Scripts.

I am not sure if you mean to use a Custom Database with the Username-Password-Authentication Database Connection. And if you do intend to use one, there are no scripts implemented.

You might want to either disable the Custom Database option or implement the Database Action Scripts. Doing so should prevent any conflicts in the future with users logging in with the Username-Password-Authentication connection.

Please let me know if this resolves the issue.

Thank you.