AuthApiError: Cannot read property 'replace' of undefined

[devjmetivier]

Checklist

• [X] I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• [X] I have looked into the API documentation and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

Trying to go through a simple passwordless flow and keep getting this error:

node_modules/.pnpm/auth0@4.0.0/node_modules/auth0/dist/esm/auth/base-auth-api.js (39:15) @ Passwordless.parseError
AuthApiError: Cannot read property 'replace' of undefined
  at async eval (./src/components/auth/[redacted])

This error is not specific to any one cause. To my knowledge, all of our Auth0 configurations are correct, and all environment configurations in code are correct as well. Most notably it seems as though this was working for us last week, and when we picked up the project again (without code changes) the SDK stopped working.

Some code detailing our implementation:

// auth0 utils folder
export const loadAuth0AuthenticationClient = async () => {
  if (!authClient) {
    const auth0 = await import('auth0');

    authClient = new auth0.AuthenticationClient({
      domain: process.env.AUTH0_DOMAIN as string,
      clientId: process.env.AUTH0_CLIENT_ID as string,
      clientSecret: process.env.AUTH0_CLIENT_SECRET as string,
      telemetry: false,
    });
  }

  return authClient;
};

// Inside Next.js server actions
const auth0 = await loadAuth0AuthenticationClient();
await auth0.passwordless.sendEmail({ email, send: 'code' });

// Inside another action once the OTP code has been received
const auth0 = await loadAuth0AuthenticationClient();
const { data, status } = await auth0.passwordless.loginWithEmail({
  audience: process.env.AUTH0_AUDIENCE,
  code: otp,
  email,
  scope: 'openid profile email',
});

Nothing out of the ordinary to us.

Reproduction

1. Create "Regular Web Application" in Auth0
2. Configure the Application to include the "Passwordless OTP" grant type in Applications > Applications
3. Authorize the Application with the appropriate API in Applications > APIs
4. Configure the AuthenticationClient with the domain, clientId, and clientSecret from the above created Auth0 Application
5. Initiate the OTP flow with auth0.passwordless.sendEmail({ email, send: 'code' })
6. Get OTP code from email
7. Verify OTP code with auth0.passwordless.loginWithEmail(...options)
8. See error

Additional context

Another thing to note is that the SDK mysteriously logs null to the console for some reason. I double checked and we're not logging that anywhere in code.

node-auth0 version

v4.0.1

Node.js version

v18.15.0

[frederikprijck]

Thanks for reporting.

Most notably it seems as though this was working for us last week, and when we picked up the project again (without code changes) the SDK stopped working.

Did you update our SDK to a newer version ? If not, and you say it worked before, what changed between now and then? There has to be something, and typically isn't an SDK issue in that case. If you did update our SDK, does rollbacking resolve the issue again?

Does any error show up in your Auth0 logs?

Another thing to note is that the SDK mysteriously logs null to the console for some reason. I double checked and we're not logging that anywhere in code.

We dont appear to be logging anything ourselves neither. Can you elaborate on why you believe it's our SDK logging that null?

[devjmetivier]

@frederikprijck

Did you update our SDK to a newer version?

This is a fresh project (bare bones if you will), we started with v4.0.1 (latest as of this issue).

If not, and you say it worked before, what changed between now and then? There has to be something, and typically isn't an SDK issue in that case.

Normally I would agree, but as I said, there were no code changes between the time it was first successful and when we picked it back up.

If you did update our SDK, does rollbacking resolve the issue again?

v4.0.0 yields the same issue, but previous versions otherwise are irrelevant because it's not the same API

Does any error show up in your Auth0 logs?

Yes. And it's the exact same error that it gives in the console (which isn't helpful):

We dont appear to be logging anything ourselves neither. Can you elaborate on why you believe it's our SDK logging that null?

I also checked the SDK code to see if this was the case and found the same. However, I can't explain why null is printed to the console on a separate line there. When removing all manual logs in the application, it still produces that log. I thought maybe it could be a log from a different package but it only occurs inexplicably when I get this error.

[devjmetivier]

Another thing that might be helpful is that according to my first screenshot here, it's indicating that this is a parsing error:

[frederikprijck]

Thanks for that context, it looks like the error is outside of the SDK but on the server side. I reached out internally to see what could cause that.

[frederikprijck]

I haven't been able to reproduce this on my end. Could you verify if you have any actions (or rules) configured? If so, would the error still exist if you disable those?

If this still occurs without any rule or action, could you share your tenant so we can more easily investigate what could be going on?

[devjmetivier]

@frederikprijck This must've been a case of poor timing on our end. The issue was, in fact, a result of a faulty Auth0 Rule that we built (and consequently enabled after our first pass with the new node SDK, thus breaking what we wrote initially).

Thank you for your time.