Tried logging in to Auth0, I got an invalid state error - auth0

I have a problem with auth0.
There are two Auth0 applications in the project that I am working on right now. One is in PHP, the other one is WordPress. Both use the Auth0 Hosted Page.
First I opened my WordPress site in a tab in my web browser. Then I opened the same in another tab. Then I tried logging in from the first tab by entering the email and the password and got the error message below:
wordpress error msg "There was a problem with your log in:
Invalid state [error code: unknown]"
If it is a PHP site, I got the error message below:
php error msg "Fatal error: Uncaught
Auth0\SDK\Exception\CoreException: Invalid state in
C:\xampp\htdocs\uat.sso\sso\vendor\auth0\auth0-php\src\Auth0.php:511
Stack trace: #0
C:\xampp\htdocs\uat.sso\sso\vendor\auth0\auth0-php\src\Auth0.php(434):
Auth0\SDK\Auth0->exchange() #1
C:\xampp\htdocs\uat.sso\sso\callback.php(8):
Auth0\SDK\Auth0->getUser() #2 {main} thrown in
C:\xampp\htdocs\uat.sso\sso\vendor\auth0\auth0-php\src\Auth0.php on
line 511"

Auth0 have a comprehensive guide on dealing with Invalid State errors in WordPress. You can check it out here.
Basically, the most common causes are:
Cached Auth0 Callback URL; some hosting providers do this by default and they should be contacted to not cache this.
Cached Cookies and URL parameters
Cookie name requirements for certain hosting providers like Pantheon.
See the complete list here.
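The two-tab failure from the question and the cached-callback cause from the answer, reproduced as an added Python sketch (not Auth0's SDK or plugin code). It assumes the SDK keeps a single pending state per browser session; the `Session` class and its `max_pending` parameter are hypothetical, and the multi-slot variant goes beyond the page to show a store that tolerates several open login tabs.

```python
import hmac
import secrets


class InvalidState(Exception):
    """Raised when the callback's state matches no pending login."""


class Session:
    """Constructed stand-in for one browser's server-side session or cookie."""

    def __init__(self, max_pending=1):
        self.max_pending = max_pending  # 1 = single slot (assumed SDK behaviour)
        self.pending = []               # states issued but not yet redeemed

    def start_login(self):
        """Runs when a tab is redirected to the hosted login page."""
        state = secrets.token_urlsafe(32)
        self.pending.append(state)
        # Keep only the newest entries; with one slot the older state is lost.
        self.pending = self.pending[-self.max_pending:]
        return state

    def handle_callback(self, returned_state):
        """Runs on the callback URL; every state is valid exactly once."""
        for stored in self.pending:
            if hmac.compare_digest(stored, returned_state):
                self.pending.remove(stored)
                return "logged in"
        raise InvalidState("Invalid state")


def two_tab_login(max_pending):
    """Tab 1 and tab 2 both open the login page, then tab 1 submits."""
    session = Session(max_pending)
    tab1_state = session.start_login()
    session.start_login()  # tab 2 replaces (or joins) tab 1's pending state
    try:
        return session.handle_callback(tab1_state)
    except InvalidState as exc:
        return str(exc)


def replayed_callback():
    """A cached callback URL delivers an already redeemed state again."""
    session = Session()
    state = session.start_login()
    session.handle_callback(state)
    try:
        return session.handle_callback(state)
    except InvalidState as exc:
        return str(exc)
```

The state check is the CSRF defence of the login flow, so the fix for these errors is to stop the state from being overwritten or replayed, not to skip the comparison.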

Related

ASP.NET Core Auth0 - Unable to unprotect the message.State

We have Auth0 enabled for a site and it has been working well for quite some time.
All of a sudden, when I enter the site and get redirected to Auth0 to enter my credentials (and press login), I get faced with a screen with the following message.
An unhandled exception occurred while processing the request.
Exception: Unable to unprotect the message.State.
MoveNext AggregateException: Unhandled remote failure.
MoveNext
If I repeatedly refresh my site with /signin-auth0 at the end of the url the same error screen is shown.
Now when I repeated all steps from the start (meaning entering my site), it all of a sudden worked. What's this error anyway?
This was resolved by the Auth0 team as a bug in Auth0's transmission of the state parameter for social logins, notably Google. Things should be working normally again.

Converting to SSL Trashing datasource

Got my web site pretty much set the way I needed it and so went ahead and converted the site to SSL, installing a certificate, and then rebuilt my project and pushed it up to the sub folder figuring that would be it. It wasn't the case!
What I have is a two-tiered web site with a landing site that is Anonymous and then an application sub site in a subfolder which uses Windows authentication. The landing site/page still works fine, but when you click on the link to launch the web app and initiate the web app in the sub folder where the Windows authentication is taking place, you are prompted for credentials as you should be, but upon validation you get this error:
Server Error in '/CInTrac' Application.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for
user 'NT AUTHORITY\ANONYMOUS LOGON'.
Source Error:
An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the exception
can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
Now admittedly this is my first time setting up SSL, so I'm sure that there are things that I could be missing here and so I've likely made some mistakes here, but what on earth would cause this to act this way? There are no anonymous calls in the code at all and this runs fine in VS on the desktop. It did run fine prior to setting up the certificate on the server.
Any suggestions would be greatly appreciated!
Thanks
Ken...
For some reason, I had to switch to using Basic Authentication with ASP.NET Impersonation enabled (Impersonating the authenticated user) in order to get this to work with the SSL certificate in place. After doing so all was fine.

"Send to Mobile" ends with API Error Code 191 and error message "redirect_uri is not allowed by the application for OAuth"

The native iOS app is listed on Facebook App Center. But there is an issue with the "Send to Mobile" action; it fails with the error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not allowed by the application for OAuth.
Because the app is configured as a native iOS app, there are no domains or redirect URIs entered.
P.S. I know there are plenty of questions about API Error Code 191. But at the moment none of them was helpful, thus, I believe my question isn't a duplicate.
There seem to be a lot of different reasons for this error, but I had the same issue where clicking on the "Send to Mobile" resulted in error 191. In my case I was able to fix it by adding FB page URLs to the "Valid OAuth redirect URIs:" field in Advanced Settings.
I added the URL for the app in the App Center, as well as my main FB page - careful to use the correct URL scheme (https):
https://www.facebook.com/MyFBPage
https://www.facebook.com/appcenter/myfbapp
Hope that helps.

FB.ui() with method: "feed" is broken

It seems that method: 'feed' within FB.ui() using FB JavaScript SDK is broken. Consider the following example:
Having an app running as Page Tab on a FB page AND Canvas-App
All needed fields in the app section are filled out correctly
Using FB.ui() with method: 'feed' to let a user tell someone about it
The link property of method: 'feed' is set to the Canvas URL and, for testing, to the Page Tab URL of the app
Everything worked for us until a few days ago (don't remember the exact day)
Debugged over and over and couldn't find a bug
We always get the following error, now even with apps that formerly worked:
"An error occurred with xxx. Please try again later.
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application."
At least you got an error message.
I have the same, but with the following:
"An error occurred with xxx. Please try again later."
No error code or something.
Did you change something in your app config?
Your error code might mean:
bad redirect_uri (maybe you haven't the same appId or something)
You just changed your app domain name and your redirect uri isn't in the same domain
Try to access your app with your redirect_uri, if an error shows up you need to fix your redirect.
Good luck!
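The answers to both error 191 questions above come down to the redirect_uri not matching what the app has registered (scheme, domain or URL). The following is an added Python example, not Facebook's matching logic: a strict allowlist check that reports why a URI fails. The function name and the exact-match policy are assumptions; the allowlist reuses the two URLs quoted in the "Send to Mobile" answer.

```python
from urllib.parse import urlsplit

# Constructed allowlist, taken from the two URLs quoted in the answer above.
REGISTERED = [
    "https://www.facebook.com/MyFBPage",
    "https://www.facebook.com/appcenter/myfbapp",
]


def _parts(uri):
    """Split a URI into the components compared by the check."""
    u = urlsplit(uri)
    return (u.scheme.lower(), (u.hostname or "").lower(), u.port, u.path)


def explain_redirect_mismatch(redirect_uri, registered=REGISTERED):
    """Return 'ok' or the first reason the URI fails a strict allowlist check."""
    scheme, host, port, path = _parts(redirect_uri)
    if not scheme or not host:
        return "not an absolute URL"
    candidates = [_parts(r) for r in registered]
    if (scheme, host, port, path) in candidates:
        return "ok"
    # Narrow down which component is responsible for the mismatch.
    same_host = [c for c in candidates if c[1] == host]
    if not same_host:
        return "host not registered"
    if all(c[0] != scheme for c in same_host):
        return "scheme differs from registered entry"
    if all(c[2] != port for c in same_host):
        return "port differs"
    return "path not registered"
```

Comparing whole URLs rather than prefixes or substrings is the safer policy for a redirect allowlist, which is why an http/https mix-up alone is enough to be rejected.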

Dropbox php sdk library errors

I am trying to set the Dropbox API up on this website: http://wedapp.users34.interdns.co.uk/
I am using this library http://code.google.com/p/dropbox-php/
I am getting lots of issues. I have contacted my host and they have confirmed that I have the OAuth extension installed.
I just keep getting lots of errors like the one below.
Fatal error: Uncaught exception 'OAuthException' with message 'Invalid
auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)' in
/home/wedapp/public_html/Dropbox/OAuth/PHP.php:73 Stack trace: #0
/home/wedapp/public_html/Dropbox/OAuth/PHP.php(73):
OAuth->fetch('https://api.dro...', Array, 'POST', Array) #1
/home/wedapp/public_html/Dropbox/API.php(97):
Dropbox_OAuth_PHP->fetch('https://api.dro...', Array, 'POST') #2
/home/wedapp/public_html/index.php(13):
Dropbox_API->getToken('info#isimpledes...', 'webdesigner1982') #3
{main} thrown in /home/wedapp/public_html/Dropbox/OAuth/PHP.php on
line 73
You can see the errors I am getting here: http://wedapp.users34.interdns.co.uk/
Anything, please, guys.
A 401 error means "Bad or expired token. This can happen if the user or Dropbox revoked or expired an access token. To fix, you should re-authenticate the user." ( https://www.dropbox.com/developers/reference/api )
You will need to go through the app authentication process again to get a valid token.