Register Allowed Web Origins on Auth0 Client

Hi people,

In the recent incident, we encounter a global limit error on auth0 that mostly caused by too many failed silent login attempts to auth0. And most of them are because the Allowed Web Origins field is not set correctly on auth0 client configuration.

To reduce the errors and to prevent unnecessary retries on silent login, we need your help to check on auth0 dashboard whether the Allowed Web Origins field is already set on your client.

You need to register all your base URLs includes dev preview if you are using static web CI/CD. You can use wildcard for the autogenerated sub domain see the docs here for more detail information https://auth0.com/docs/applications/wildcards-for-subdomains

Who’s impacted?

All SPA application (internal PAD or extranet) that use auth0 clients.

How to?

Open auth0 dashboard https://manage.auth0.com/dashboard/us/tvlk-dev/applications
Find your application (you can use application name of client id)
Find Allowed Web Origins Field
Register all your web base url, for example:

https://crud.ath.staging-traveloka.com, http://localhost:3000, https://*.crud.ath.development-traveloka.com, http://crud.ath.development-traveloka.com

Save changes

If you have any question feel free to DM me or reply on the thread.

Thanks