We’re sorry something went wrong when attempting to log in

[udisun]

Description

we are having issues when some users attempt to log in, the message We're sorry something went wrong when attempting to log in but just some of our users are experiencing this issue. I logged in remotely to a user experiencing this issue, from my pc i can log in to his account, but from his pc i can’t login to his or my account. There was no error or log in the console. all the requests /authenticate and /jwks got a 200 response with correct values. he had no extensions on chrome at all. I’ve deleted all local storage, cookies and cache and still could not log in. Got the message “We’re sorry something went wrong when attempting to log in”. We are using the lock widget with custom domain configured in our auth0 tenant. The user sees this message but in the auth0 dashboard we can see: [Success Cross Origin Authentication]

Reproduction

Can't find a way to reproduce it, although several companies are struggling with this issue, and have reported it in the Auth0 Community pages: https://community.auth0.com/t/lock-were-sorry-something-went-wrong-when-attempting-to-log-in-message/36260

Environment

• Lock Version: 11.22.5
• Vue Version: 2.6.11
• Nuxt Version: 2.12.1
• Chrome Browser, Window 10 Home

[stevehobbsdev]

Thanks for raising this @udisun. Just to clarify, you're not seeing any errors in the logs in your Auth0 Dashboard either?

[kdawgwilk]

We are seeing this issue as well and not seeing any logs in auth0 for the few users that are experiencing this issue. FWIW we seem to be seeing this issue mostly on mobile users. On mobile we use PKCE which is the only main difference between web and mobile. We are also on a similar lock version, 11.22.4, but we plan on trying to bump to 11.23.1 to see if that fixes anything

[stevehobbsdev]

@kdawgwilk Let us know how you get on. This is proving difficult to repro without any concrete error messages, unfortunately.

[jaredswenson]

Any updates on this? I'm experiencing the same issue.

[ColCoutts]

@kdawgwilk @jaredswenson have you noticed this issue occurs when using webviews + PKCE in an app? Can the end-user still login on a mobile browser (Chrome, Safari etc.)?

[jaredswenson]

@ColCoutts My issue is when someone tries logging in on a mobile device browser, such as Chrome and Safari.

[kdawgwilk]

Yes appears to be mobile only and the same users with same creds can login fine on a browser. We even had a user reset their password to something temporary so we could try to reproduce on our end but we were able to login fine, it is only happening on their device. We also have some anomaly detection features turned on and I was able to reproduce it once on my own device but have never seen it again. It was an invalid state error that was given in the response

[h-tong]

Hi, my team and I have been experiencing this issue for the past couple of weeks as well. We've found that reports are typically from users who tried to login on Safari. Is there any update on this?

[ghost]

We faced this issue as well, when multiple tabs are opened and one of them being logged out silently.

[kaymaylove]

Good afternoon,

I see that various of you are facing this issue. I can't guarantee they are all related and the same issue. But I can provide some troubleshooting steps for us to pinpoint the potential issue (hopefully your users are willing).

• Can the users sign into other devices?

• Can you give the user a second set of credentials and try to sign into the device that isn't working?

• Do they have any third party apps that may be disabling/blocking cookies?

• (Safari - IOS) Check settings on phone to ensure Intelligent Tracking Prevention isn't enabled

• Have the user try signing in using a different ip (different internet source)

• Try having the customer uninstalling the app on their device, clearing their cache and cookies; re-downloading the app and signing in

• Were these users ever able to sign in using their device where they are experiencing this issue?

• Can you please check that the user doesn't have a time skew on their phone (making sure the current time matches the time on their device), this could cause authentication issues

• Did this issue just started happening, was there a specific date you started getting complaints around this? If you could provide a date, we can see what changes took place around that time that might be causing this.

I wasn't able to reproduce this issue and others in Auth0 haven't been able to. We think it's a device specific issue related to cookies that are lost or blocked linked to certain ips. The best thing to do is to provide this information in a support case and then, the support team can investigate why this may be happening. But if there's correlation between the answers that everyone here provides, we may be able to draw some conclusions and figure out what's going on.

Thanks!

[kdawgwilk]

We tried basically everything on that list and those steps resolved some cases but not all. We ended up deciding to move away from auth0 oauth web flow and implement the login natively ourselves.

[psamim]

For some reason reloading in Android webviews (react-native) does not work as expected (https://stackoverflow.com/questions/36229869/javascript-not-reloading-in-android-webview). I am not sure if this is related or not, but webview also ignores 302 HTTP responses too (in the network tab in dev tools it displays the request as cancelled) . This causes the webview not to redirect and the user cannot login.

So I used the webivew message passing (react-native-webview) to force-reload the webview from the native side. I send the message on lock's signin submit event in a setTimeout, and clear the timer if there is a authorization_error event.

Ugly hacks, but works.

[hablodoug]

Has anyone been able to resolve this? We're also having this issue with a small number of users. We're able to login using their credentials, but when they try on their own device, they're not able to. The auth token seems to be rejected/destroyed right after logging in/signing up for these users, and a 'login_required' oauthError is thrown (despite credentials being correct).

[davinryan]

We are also noticing this issue but appears to be due to CDN issue during login being unavailable. This is still an issue for us.

An error occurred when fetching client data for Lock: https://cdn.au.auth0.com/client/hy05IYYz9vpyOwppF1zqulxsX7DLtJdD.js?t1611129022583 timed out

[joeizang]

I can confirm what @davinryan is reporting...this is an issue for us with basically the same error 1cf0fe682e88b6ce06471c26098c81ae2c3cd766.89d45ce93e74f1fd614e.js:1 GET https://cdn.auth0.com/client/2z7hdIgXsgMULANr3qyWBP68FwPqqGRu.js?t1612834928256 A built in login using WebAuth works fine but the the lock modal isn't working at all

[stevehobbsdev]

Thanks both. I'm looking into this but it's proving extremely difficult to reproduce. I'm happy to continue testing but what would really help is a repro sample that demonstrates the error; if I can get a hold of that, I'd be happy to continue investigating.

[omichowdhury]

I've seen this issue a bunch of times with end users but I'm not able to reproduce it myself: So far it seems like it only affects safari

[DrJakeW]

Not sure if this is related to the above but we have started having this issue after iOS users started to upgrade to 14.6 recently.

For months we haven't had a problem, but now any iPhone that upgrades to 14.6 encounters the "We’re sorry, something went wrong when attempting to log in”.

This is despite the user entering the correct credentials (we have a custom message if they enter the incorrect credentials).

Nothing is shown in logs after the failed login, but we have found that after 10 attempts the user is blocked, and this does show in logs - just the 10 failed attempts to login are not shown in the logs.

We have tried logging on with the same user credentials on other devices that are not yet on 14.6 and they still work and function as expected. The same applies to android where the same users are able to login without any problems.

We have tried removing all customisations from the login and return to the default lock, but the same error shows.

Only iPhone on 14.6 we’ve managed to get it to work on is a 6s, newer models from XR onwards seem to have the issue.

Any thoughts on this one?

UPDATE: Managed to get an XR to work on 14.6 after a fresh install.. Not a practical option for most of our users though so hoping to avoid that as a resolution.

[johnnyrwest]

Hey, appreciate reading through everyone's comments here.

Our team just had a user report something like this on their end as well—any help would be greatly appreciated.

Description

• User is able to view our Auth0 Lock
• User is not able to successfully sign up
• We created an account for them in Auth0 directly and are able to log in using credentials we created for them via the Lock
• User is not able to log in using the credentials and is shown the "We're sorry something went wrong when attempting to log in message"
• Auth0 logs don't actually show this user's attempts/errors when logging in

Reproduction

• Unable to reproduce locally, but trying everything we can to do so, including blocking all cookies (not the problem)
• Attempting to get any console warnings from the user as well.

Environment

• Lock version: 11.30.4
• React Version: 17.0.2
• Next.js Version: 11.1.0
• Chrome 91, Windows

[ariasf]

Does anyone know if this issues would go away by just using the nextJS server side SDK instead of lock ? @stevehobbsdev wdyt?

[stevehobbsdev]

@ariasf Our Next.js SDK integrates with the universal login page rather than an embedded login page (which is what Lock is), but it depends on whether you're using the classic experience or the new experience. The classic experience still uses Lock (but in a hosted context) whereas the new experience is a completely separate (and more modern) offering, and is only available as a hosted login page.

In short, it may solve your problem depending on your current situation.

[stevehobbsdev]

I'm still unable to reproduce this, and it looks like many others here are as well.

As such, I'll close this issue for now but happy to re-open if there are concrete reproduction steps that expose the issue reliably.

[BanalitoRaulito]

Im able to reproduce this issue like this:

1. Sign up
2. Sign up with the same email again
3. Error occurs "WE'RE SORRY, SOMETHING WENT WRONG WHEN ATTEMPTING TO SIGN UP."

[JamesMasonCVT]

My organization has also recently started to get this problem, but only happens to external users in a pattern I can't pin down. I know their accounts work because I can make it for them and it'll work, but when they try to log in, they get the something went wrong message, but auth0 has absolutely no logged events of any attempt being made, but I can log in to the account from my own computer just fine.

[sachinwins]

Are you able to find out rootcause?