Troubleshooting Authentication Issues
Common authentication problems and their solutions to help you resolve issues quickly
Common Authentication Issues and Solutions
This guide covers the most frequent authentication issues reported by our users and provides step-by-step solutions to resolve them.
1. Login Failures
Symptoms
- Users can't log in despite correct credentials
- Error messages about invalid username/password
- Repeated login prompts
Solutions
Check user status:
- Go to your Authoh Dashboard > Users
- Locate the user account
- Verify the account is active and not blocked or suspended
- Check if email verification is pending
Reset user password:
await auth.resetPassword({
email: 'user@example.com'
});
Verify provider connections: If using social login, ensure the provider connection is properly configured in your dashboard.
2. Token Expiration Problems
Symptoms
- Users are repeatedly logged out
- "Unauthorized" errors after short periods
- Session timeouts earlier than expected
Solutions
Adjust token lifetime:
- Go to Dashboard > Settings > Tokens
- Increase the access token lifetime (default: 60 minutes)
- Increase the refresh token lifetime if needed (default: 14 days)
Implement proper token refresh:
// Check if token is expired before making API calls
if (auth.isTokenExpired()) {
await auth.refreshToken();
}
// Or set up automatic token refresh
auth.enableAutomaticTokenRefresh();
3. CORS Errors
Symptoms
- Console errors about CORS policy violations
- Authentication works locally but fails in production
- API calls failing with 403 errors
Solutions
Configure allowed origins:
- Go to Dashboard > Settings > API
- Add your application domains to the Allowed Origins list
- Use wildcards sparingly (e.g., *.yourdomain.com)
Check request headers: Ensure your API requests include the correct headers:
fetch('https://api.yourdomain.com/data', {
headers: {
'Authorization': `Bearer ${auth.getAccessToken()}`,
'Content-Type': 'application/json'
}
})
4. MFA/2FA Issues
Symptoms
- Users can't complete multi-factor authentication
- MFA codes not being accepted
- Users locked out after device changes
Solutions
Reset MFA for a user:
- Go to Dashboard > Users
- Select the user experiencing issues
- Navigate to the Security tab
- Click "Reset MFA"
- The user will need to set up MFA again on their next login
Provide backup codes: Make sure users have access to their recovery/backup codes that were generated when they set up MFA.
Check time synchronization: For time-based OTP (TOTP), ensure the user's device has correct time and date settings.
5. API Authentication Failures
Symptoms
- API requests failing with 401 errors
- JWT validation errors
- Token signature issues
Solutions
Verify API keys and secrets:
- Go to Dashboard > API > Keys
- Verify you're using the correct API keys
- Regenerate keys if necessary (note: this will invalidate existing keys)
Check JWT configuration:
// Ensure you're using the correct audience and scope
const accessToken = await auth.getTokenSilently({
audience: 'https://api.yourdomain.com',
scope: 'read:data write:data'
});
Need More Help?
If you're still experiencing issues after trying these solutions:
- Check our detailed documentation
- Look through previous support threads for similar issues
- Contact our support team with specific details about your problem
Our team is available to help Monday through Friday, 9am-5pm EST.