Checking error messages helps isolate the source of authentication and configuration issues in Auth0. Review error messages in browsers, login screens, tenant logs, and the Actions Real-time Logs console to identify and resolve unexpected behavior.

• Auth0
• Troubleshooting
• Logs

Where are error messages located to troubleshoot Auth0 issues?

Error messages that are available for review appear in any of the following locations:

• Browsers and HyperText Markup Language (HTML) page responses.
• Developer tools, network, and console tabs.
• Authorization Server responses.
• Deprecation errors.

How are browser errors checked?

An HTTP Archive (HAR) file is a JavaScript Object Notation (JSON) formatted log of web browser interactions with a web server. Generate and analyze HAR files to find issues if authentication fails to work as expected.

NOTE: Remove or obfuscate all sensitive data, including confidential user information, Personally Identifiable Information (PII), and application information, before sharing a HAR file. Review the Related References section for more information on sanitizing HTTP traces.

How are login screen errors checked?

The Lock login widget displays error messages for certain issues, such as an incorrect username or password. Check the More Information link if using the standard Auth0 error page.

How is the Auth0 log data checked?

Auth0 stores log data, including Dashboard administrator actions, successful and failed user authentications, and password change requests. View the logs in the Dashboard. Some types of errors do not appear in the logs. For example, an entry does not appear in the logs if an error occurs at a remote Identity Provider where authentication fails to complete and the user never returns to Auth0.

Export Auth0 logs and either store them locally or automatically push them to external log services. This functionality assists with data retention and log analysis requirements. Install and configure an Auth0 Extension to automatically export logs to another provider, such as Sumo Logic or Loggly. Navigate to the log streaming solutions in the Auth0 Marketplace to learn more.

NOTE: Review the Monitoring page for more details on each log event that can assist with troubleshooting.

The Management Application Programming Interface (API) can also be used to export and store logs. Two available endpoints provide slightly different information.

• Search all logs /get_logs endpoint: The Search log events endpoint retrieves log entries that match the provided search criteria. The endpoint returns a list of all available entries if the request omits search criteria. Provide search criteria using the q parameter and retrieve specific fields using the fields parameter. Accessing the API requires a Management APIv2 token. For example, a sample request retrieves all logs for successful logins (the event acronym for successful login is s). The list of fields retrieved per log entry includes date, description, client_id, and log_id. Review the Search log events endpoint documentation for details on the search criteria and a list of event acronyms.
• Get a single log entry /get_logs_by_id endpoint: The Get a log event by ID endpoint retrieves the log entry associated with the provided ID. For example, a sample request retrieves a single log entry with the ID 90020180129170850881585554625888895190928456277777449010.

How are deprecation errors identified?

Errors or notices appear in the tenant logs when applications use deprecated features after Auth0 deprecates them. Search the logs for specific deprecation entries that indicate a feature is being deprecated.

How are rate limits and other errors identified?

Auth0 provides a unique error code for rate limit violations. Set up automatic log scanning to detect rate limit errors and proactively address activity that exceeds rate limits before it causes issues for users. Auth0 also publishes error codes for other types of errors. Scan logs for authentication errors and errors from Auth0 Management API calls. The Management API Explorer shows Management API error codes below each call.

NOTE: Calling the Management API to retrieve user profile information from within a Rule is a common cause of rate limit errors because such API calls execute for every login and for periodic session checks.

How is the Actions Real-time Logs error console checked?

Add console.log() statements into Rules, Hooks, and custom database scripts. The output from those statements appears in Actions Real-time Logs. Initiate a view of this log console by navigating to Monitoring > Actions Logs in the Auth0 Dashboard.

Related References

• Verify Connections to Troubleshoot Auth0 Issues
• Verify the Platform to Troubleshoot Auth0 Issues
• Verify the Domain to Troubleshoot Auth0 Issues
• Verify Rules to Troubleshoot Auth0 Issues
• Searching Auth0 Logs for Deprecation Errors
• Sanitizing HTTP Traces
• How to Sanitize an HTTP Trace File Automatically
• How to Manually Redact Sensitive Information
• HAR File is Too Large to Upload to the Support Case