auth0

Login with Auth0 was successful but still a 401 'access denied' is returned?


I managed to get Auth0 somewhat working for my Vue.js app. The Quickstart Guide was straightforward. So what happened is that I managed to use the login functionality and was prompted with the Auth0 Login dialog. I used my Google account to do a quick login. That also worked. My Google account was now visible as a new user in my Auth0 Dashboard.

However, after the login I was returned to my Vue.js app, but the authorization was not successful, it seems.

The network tab tells me the following:

{"error":"access_denied","error_description":"Unauthorized"}

I was wondering if I have to give the user some roles or permissions before he is considered as 'authorized'? My impression was that this will be true by default and only restricted if I start defining roles in the Auth0 Dashboard.

Please enlighten me!

PS: I am using the non-implicit login dialog provided by Auth0 while I am working on a SPA. I read that might cause trouble?

PS 2:

And the Raw Data of the 'Failed Exchange' Log:

{
  "date": "2020-08-24T10:43:52.005Z",
  "type": "feacft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": "<Client_ID>",
  "client_name": null,
  "ip": "85.197.56.111",
  "user_agent": "Chrome 83.0.4103 / Linux 0.0.0",
  "details": {
    "code": "*************T8a"
  },
  "hostname": "alemanni-game.eu.auth0.com",
  "user_id": "",
  "user_name": "",
  "log_id": "90020200824104353383000015217913666506642073534760747026",
  "_id": "90020200824104353383000015217913666506642073534760747026",
  "isMobile": false
}

Solution

  • I had this issue and was finally able to find out its cause. I came across this question while I was searching for the solution to this problem, but it hadn't been answered. As I was able to solve the problem, I decided to answer this question.


    In my case, the problem was that the token endpoint was returning the status code of 401 with unauthorized/access denied error and this seems to be the problem in your case too.

    The problem was caused by the incorrect value of "Token Endpoint Authentication Method" in the application settings.

    In the case of single page applications, its value should be "None" but it was incorrectly set to "POST".

    It seems that, at the time of this writing, we cannot change its value, so I just created a new application and selected "Single Page Web Applications" as the application type. This solved the issue.
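
One way to check for the mismatch described in this answer, as an added example that is not part of the original post: it flags SPA applications whose token endpoint authentication method is not "none" and matches them against 'Failed Exchange' (`feacft`) log entries by `client_id`. The field names `app_type` and `token_endpoint_auth_method` are Auth0 client settings; the sample clients, log entries and function names are constructed for illustration.

```javascript
// Added example, not from the original answer. All sample values are constructed.
const SAMPLE_CLIENTS = [
  { client_id: "spa-old", app_type: "spa", token_endpoint_auth_method: "client_secret_post" },
  { client_id: "spa-new", app_type: "spa", token_endpoint_auth_method: "none" },
  { client_id: "backend", app_type: "regular_web", token_endpoint_auth_method: "client_secret_post" },
];
const SAMPLE_LOGS = [
  { log_id: "log-1", type: "feacft", client_id: "spa-old", description: "Unauthorized" },
  { log_id: "log-2", type: "s", client_id: "spa-new", description: "" },
  { log_id: "log-3", type: "feacft", client_id: "backend", description: "Unauthorized" },
];

// A SPA runs in the browser and cannot hold a client secret, so its token
// endpoint authentication method has to be "none" (shown as "None" in the UI).
function findMisconfiguredSpaClients(clients) {
  return clients.filter(
    (c) => c.app_type === "spa" && c.token_endpoint_auth_method !== "none"
  );
}

// For every failed code-for-token exchange in the logs, report whether the
// client it belongs to has the SPA misconfiguration described in the answer.
function explainFailedExchanges(logs, clients) {
  const bad = new Map(
    findMisconfiguredSpaClients(clients).map((c) => [c.client_id, c])
  );
  return logs
    .filter((entry) => entry.type === "feacft")
    .map((entry) => {
      const client = bad.get(entry.client_id);
      return {
        log_id: entry.log_id,
        client_id: entry.client_id,
        flagged: client !== undefined,
        reason: client
          ? `SPA uses token_endpoint_auth_method "${client.token_endpoint_auth_method}", expected "none"`
          : "not explained by this check",
      };
    });
}

for (const row of explainFailedExchanges(SAMPLE_LOGS, SAMPLE_CLIENTS)) {
  console.log(`${row.log_id} ${row.client_id}: ${row.reason}`);
}
```
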