Auth0 is often requiring users to authenticate twice
I have a client-facing web application built using Angular 7 that utilizes Auth0 (auth0-js v9.8.2) for authentication. We require users to log in using username/password and then multi-factor using Guardian/text/phone call. All of this works great. The issue is that we are seeing that sometimes users are required to authenticate/multi-factor a second time immediately after they're redirected to the application from Auth0's hosted login page. I have seen it once or twice myself but now that I am trying to debug this issue I cannot replicate the issue. However, I see in the logs that several users per day are experiencing this inconvenience.
Here are some snippets from my code. If I knew how to replicate I would try and debug, but I can't even make it happen now, although it's still happening to others currently.
The first thing I'm doing in `app.component.ts` is calling `handleAuthentication()` and requiring users to authenticate if they're not already.

```typescript
constructor(private auth: Auth, private dataService: DataService) {
  this.auth.handleAuthentication().then((res: any) => {
    if (this.auth.isAuthenticated()) {
      this.authenticated = true;
    } else {
      this.auth.auth0.authorize();
    }
  });
}
```
Here is the `handleAuthentication()` function, which is resolved only once `parseHash()` is called and the session is set.

```typescript
public handleAuthentication(): Promise<any> {
  return new Promise((resolve, reject) => {
    this.auth0.parseHash({ _idTokenVerification: false }, (err, authResult) => {
      if (authResult && authResult.accessToken && authResult.idToken) {
        window.location.hash = '';
        this.setSession(authResult);
      } else if (err) {
        console.log(err);
      }
      resolve();
    });
  });
}
```
Here are my `auth0` settings in case it's helpful:

```typescript
auth0 = new auth0.WebAuth({
  domain: '<domain>',
  clientID: '<clientID>',
  redirectUri: environment.callbackURL,
  audience: '<audience>',
  responseType: 'token id_token',
  scope: 'openid'
});
```
My only guess is that it has something to do with `parseHash()` failing. There are a couple of other things I find interesting.
- In other examples, I don't see `{ _idTokenVerification: false }` being passed into `parseHash()`, but it was added for some reason at some point
- I have seen others talk about issues with passing `id_token` into `responseType`, but we are using this token to check expiration. If this could be causing an issue, I may be able to figure out a workaround
I can't just assume these are issues because I can't replicate the main issue with or without these modifications.
Any help or advice?
angular authentication oauth auth0
asked Nov 27 '18 at 16:34
cbrawl
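In the posted handler a failed `parseHash()` is only written to the console; the promise still resolves, `isAuthenticated()` is false, and `authorize()` runs again, so a rejected callback looks like a second login prompt. The following is an added example (not the asker's code and not Auth0's) that separates the three outcomes so a rejected callback is reported instead; `makeStubWebAuth`, `simulate` and the `actions` hooks are hypothetical names, and the `error`/`errorDescription` fields on the error object are an assumption.

```javascript
// Added example. makeStubWebAuth is a hypothetical stand-in for auth0.WebAuth;
// it only mimics the parseHash(options, callback) shape used in the question.

// Classify a parseHash() result into three cases, not two:
// tokens present -> session; nothing in the hash -> ordinary page load;
// error -> the callback was rejected, and redirecting again hides the cause.
function classifyCallback(err, authResult) {
  if (err) {
    const reason = `${err.error || 'unknown'}: ${err.errorDescription || ''}`;
    return { outcome: 'callback-error', reason: reason.trim() };
  }
  if (authResult && authResult.accessToken && authResult.idToken) {
    return { outcome: 'authenticated', reason: '' };
  }
  return { outcome: 'no-callback', reason: '' };
}

function handleAuthentication(webAuth, actions) {
  // No _idTokenVerification override is passed, so ID token checks are not
  // switched off here.
  webAuth.parseHash({}, (err, authResult) => {
    const result = classifyCallback(err, authResult);
    if (result.outcome === 'authenticated') {
      actions.setSession(authResult);
    } else if (result.outcome === 'no-callback') {
      actions.authorize();
    } else {
      // Record the reason so it can be matched against the tenant logs.
      actions.reportError(result.reason);
    }
  });
}

// Constructed stub: replays a fixed (err, authResult) pair synchronously.
function makeStubWebAuth(err, authResult) {
  return { parseHash: (_options, cb) => cb(err, authResult) };
}

// Run the handler against the stub; return the names of the actions invoked.
function simulate(err, authResult) {
  const calls = [];
  handleAuthentication(makeStubWebAuth(err, authResult), {
    setSession: () => calls.push('setSession'),
    authorize: () => calls.push('authorize'),
    reportError: (reason) => calls.push(`reportError(${reason})`),
  });
  return calls;
}
```

With the error branch routed to a reporting hook, the per-user reason for each rejected callback ends up in application logs rather than in a browser console nobody sees.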