Access denied - unauthorized #317

Closed
pooya1361 opened this issue Jan 17, 2017 · 15 comments

pooya1361 commented Jan 17, 2017

Hi,
We are currently using Lock and my task is to change the method to the API. I read the whole documentation and gits, but it didn't help with my problem. Note that the same user/pass works fine with Lock. I also tested this code with user/pass only. The same error occurred.
Here's my code:

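    login() {
        // Auth0.js client for the tenant
        const auth0 = new Auth0.WebAuth({
            domain: 'mydomain.auth0.com',
            clientID: 'XXXXXXX',
        });

        // Username/password login against the database connection (realm)
        auth0.client.login({
            realm: 'Username-Password-Authentication',
            username: this.refs.epost.value,
            password: this.refs.password.value,
            scope: 'openid profile',
        }, function (err, authResult) {
            // err is null on success, so check it before reading err.code
            if (err) {
                alert(err.code);
                console.log(err);
            }
        });
    },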

Response

    {error: "access_denied", error_description: "Unauthorized"}
    error:"access_denied"
    error_description:"Unauthorized"

Request payload

    client_id:"XXXX"
    grant_type:"http://auth0.com/oauth/grant-type/password-realm"
    password:"123456"
    realm:"Username-Password-Authentication"
    scope:"openid profile"
    username:"test013@mydomain.com"

Member

hzalaz commented Jan 17, 2017

@pooya1361 make sure the type of your client is SPA

Member

hzalaz commented Jan 17, 2017

You can check that in Auth0 Dashboard -> Client -> Settings

@pooya1361
Author

Thanks. It works. I wonder where this was in the documentation! Is it?

Member

hzalaz commented Jan 17, 2017

@pooya1361 we don't have docs for this yet since it's part of new features we are adding.
Also any new client you create will prompt you to pick the proper type.


saikatharryc commented Apr 18, 2017

Hey @hzalaz,
are you talking about this one? [image]

@manyanic

@saikatharryc no.
Client -> Tab Settings -> Client Type


@ShawnTheBeachy

@hzalaz Ugh, such a simple fix after hours of banging my head against the wall.


cgt-training2 commented Aug 11, 2017

@hzalaz I am using nodeJS and angular2. I changed client type to SPA but still getting this error:

    Error: access_denied
    at new LoginError (lock-8.1.min.js:8)
    at lock-8.1.min.js:8
    at onMessage (lock-8.1.min.js:9)
    at ZoneDelegate.webpackJsonp.../../../../zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:424)
    at Zone.webpackJsonp.../../../../zone.js/dist/zone.js.Zone.runTask (zone.js:191)
    at ZoneTask.webpackJsonp.../../../../zone.js/dist/zone.js.ZoneTask.invokeTask [as invoke] (zone.js:498)
    at invokeTask (zone.js:1370)
    at globalZoneAwareCallback (zone.js:1396)

@anuragkumar97

My client type is SPA, still I get the same error "access denied". Why??

@luisrudge
Contributor

Hi @anurag12chauhan, this doesn't look like a bug in the SDK. Please reach out to our amazing support team at https://support.auth0.com so they can better assist you with your scenario.

@sdpetersen

For anyone else that stumbles upon this... I had the same problem with a different solution: in the tutorial it has you create an "Email domain whitelist" rule and it says if you don't turn it off, people won't be able to log in... I thought I turned it off, but after 30 minutes of scratching my head, I realized I didn't. So, check that before you go crazy.

@snigdhesh

@sdpetersen Thank you so much, literally spent 2 days on this issue, at last your solution worked!! I am so happy.

@morphatic

Thank you @sdpetersen!!! I had a similar problem. I had a rule that would load the person's picture from user_metadata if available. My code looked like this:

    function (user, context, callback) {
      if (user.user_metadata.picture)
        user.picture = user.user_metadata.picture;

      callback(null, user, context);
    }

Bad code!!! If the user has no user_metadata at all, this throws an error: Cannot read property 'picture' of undefined. I fixed it with the alteration below:

    function (user, context, callback) {
      // Make sure that `user_metadata` exists before trying to get
      // one of its properties!!!
      if (user.user_metadata && user.user_metadata.picture)
        user.picture = user.user_metadata.picture;

      callback(null, user, context);
    }

Moral of the story: bugs in your rules can prevent anyone from logging in!
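
Added example (not part of the thread and not Auth0's code): a minimal harness, `runRules`, that stands in for a rules pipeline under the assumption that a thrown exception or an error passed to the callback denies the login. It runs the two picture rules posted above plus a constructed domain allow-list rule against constructed users, so both causes reported in this thread can be reproduced offline.

```javascript
// Simplified stand-in for a rules pipeline (assumption, not Auth0's code):
// rules run in order; a thrown exception or callback(err) denies the login.
function runRules(rules, user, context) {
  for (const rule of rules) {
    let denied = null;
    try {
      rule(user, context, (err, u, c) => {
        if (err) denied = err.message;
        else { user = u; context = c; }
      });
    } catch (e) {
      denied = 'rule crashed: ' + e.message; // a bug in a rule also fails the login
    }
    if (denied !== null) return { authorized: false, reason: denied };
  }
  return { authorized: true, user };
}

// Rule as first posted in the thread: throws when user_metadata is absent.
function brittlePicture(user, context, callback) {
  if (user.user_metadata.picture) user.picture = user.user_metadata.picture;
  callback(null, user, context);
}

// Guarded variant: missing metadata is treated as empty.
function guardedPicture(user, context, callback) {
  const meta = user.user_metadata || {};
  if (meta.picture) user.picture = meta.picture;
  callback(null, user, context);
}

// Constructed allow-list rule (hypothetical; not the tutorial's template).
const ALLOWED_DOMAINS = ['example.com'];
function domainAllowList(user, context, callback) {
  const domain = String(user.email || '').split('@').pop().toLowerCase();
  if (!ALLOWED_DOMAINS.includes(domain)) return callback(new Error('Access denied.'));
  callback(null, user, context);
}

// Constructed sample users.
const noMeta = () => ({ email: 'alice@example.com' });
const withMeta = () => ({ email: 'bob@example.com', user_metadata: { picture: 'https://example.com/b.png' } });
const outsider = () => ({ email: 'carol@other.test' });

console.log(runRules([brittlePicture], noMeta(), {}));   // denied: the rule crashed
console.log(runRules([guardedPicture], noMeta(), {}));   // authorized
console.log(runRules([domainAllowList, guardedPicture], outsider(), {})); // denied by allow-list
```

Running every rule against a user with no `user_metadata` before enabling it catches this class of bug without locking anyone out.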


fid9 commented May 10, 2022

I'm still having this issue and both the whitelist and the client type are okay.


ChathuniWijesekera commented Sep 16, 2022

> @saikatharryc no. Client -> Tab Settings -> Client Type

Thank you very much. This worked for me. Can't believe I spent hours on this 😥
