> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how to check login and logout to troubleshoot issues

# Check Login and Logout Issues

Here are things to check to help you narrow down when issues occur during login and logout.

## Login Issues

### Is the user prompted for login credentials?

* Does the HAR file show a call to the <Tooltip tip="Authorization Server: Centralized server that contributes to defining the boundaries of a user’s access. For example, your authorization server can control the data, tasks, and features available to a user." cta="View Glossary" href="/docs/glossary?term=authorization+server">authorization server</Tooltip> (`/authorize` endpoint)?

  <Warning>
    Before sharing a HAR file with anyone (including Auth0), ensure that you remove or obfuscate all sensitive data, such as:

    * Confidential user information
    * Personal identifiable information (PII)
    * Confidential application information

    To learn more, read the following articles on [Auth0 Community](https://community.auth0.com):

    * [Sanitizing HTTP Traces](https://community.auth0.com/t/sanitizing-http-traces/119488)
    * [How to Sanitize an HTTP Trace File Automatically](https://community.auth0.com/t/how-to-sanitize-a-http-trace-file-automatically/120583)
    * [How to Manually Redact Sensitive Information](https://community.auth0.com/t/how-to-manually-redact-sensitive-information/122554)
    * [HAR File is Too Large to Upload to the Support Case](https://community.auth0.com/t/har-file-is-too-large-to-upload-to-the-support-case/122488)
  </Warning>
* Is the connection enabled for the application?
* Is the remote authorization service available?
* If using the [Auth0 Universal Login Page](/docs/authenticate/login/auth0-universal-login), try turning off customization and see if authentication works. If login works without your customizations, review your <Tooltip tip="Universal Login: Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity." cta="View Glossary" href="/docs/glossary?term=Universal+Login">Universal Login</Tooltip> Page customization code.

### Is an error message shown after entering credentials?

* Can you test login another way to ensure credentials are correct?
* If password expiration is a possibility, check if password has expired.
* Check your browser's developer tools or web inspector console for errors in the flow before returning to Auth0.
* Check the HAR file - does it show a return to Auth0 (`/login/callback` endpoint)?

  <Warning>
    Before sharing a HAR file with anyone (including Auth0), ensure that you remove or obfuscate all sensitive data, such as:

    * Confidential user information
    * Personal identifiable information (PII)
    * Confidential application information

    To learn more, read the following articles on [Auth0 Community](https://community.auth0.com):

    * [Sanitizing HTTP Traces](https://community.auth0.com/t/sanitizing-http-traces/119488)
    * [How to Sanitize an HTTP Trace File Automatically](https://community.auth0.com/t/how-to-sanitize-a-http-trace-file-automatically/120583)
    * [How to Manually Redact Sensitive Information](https://community.auth0.com/t/how-to-manually-redact-sensitive-information/122554)
    * [HAR File is Too Large to Upload to the Support Case](https://community.auth0.com/t/har-file-is-too-large-to-upload-to-the-support-case/122488)
  </Warning>

  * If not, check that the identity provider has the correct callback URL for Auth0.

### Is a login session established for the user at the authorization server?

* To test this, open a second tab in the same browser and go to the same URL. Are you prompted to log in again?

  * If you're not prompted to log in, a session is there.

### Is a log entry created in your Auth0 Logs?

* If no log entry was created the authentication transaction did not complete or return to Auth0.
* Check the response from the authorization server for error messages.
* Check authorization server logs (if possible) for errors.

### Is an entry created in Auth0 user’s screen with all correct profile info?

* If not, check the response from authorization server in the HAR file. It may not be returning information about the user

  <Warning>
    Before sharing a HAR file with anyone (including Auth0), ensure that you remove or obfuscate all sensitive data, such as:

    * Confidential user information
    * Personal identifiable information (PII)
    * Confidential application information

    To learn more, read the following articles on [Auth0 Community](https://community.auth0.com):

    * [Sanitizing HTTP Traces](https://community.auth0.com/t/sanitizing-http-traces/119488)
    * [How to Sanitize an HTTP Trace File Automatically](https://community.auth0.com/t/how-to-sanitize-a-http-trace-file-automatically/120583)
    * [How to Manually Redact Sensitive Information](https://community.auth0.com/t/how-to-manually-redact-sensitive-information/122554)
    * [HAR File is Too Large to Upload to the Support Case](https://community.auth0.com/t/har-file-is-too-large-to-upload-to-the-support-case/122488)
  </Warning>
* If you're using rules, check your rules scripts for issues.
* If you're using a custom database connection, check your database action scripts for issues.
* If you're using LDAP, check the profile mapper script (`profileMapper.js`) for issues.
* Check your social connection configurations for what profile information is requested.

### Does the HAR file show a token or assertion returned to application?

* Look in the [HAR file](/docs/troubleshoot/troubleshooting-tools/generate-and-analyze-har-files) for the call to your application callback URL.

  <Warning>
    Before sharing a HAR file with anyone (including Auth0), ensure that you remove or obfuscate all sensitive data, such as:

    * Confidential user information
    * Personal identifiable information (PII)
    * Confidential application information

    To learn more, read the following articles on [Auth0 Community](https://community.auth0.com):

    * [Sanitizing HTTP Traces](https://community.auth0.com/t/sanitizing-http-traces/119488)
    * [How to Sanitize an HTTP Trace File Automatically](https://community.auth0.com/t/how-to-sanitize-a-http-trace-file-automatically/120583)
    * [How to Manually Redact Sensitive Information](https://community.auth0.com/t/how-to-manually-redact-sensitive-information/122554)
    * [HAR File is Too Large to Upload to the Support Case](https://community.auth0.com/t/har-file-is-too-large-to-upload-to-the-support-case/122488)
  </Warning>
* Find the <Tooltip tip="ID Token: Credential meant for the client itself, rather than for accessing a resource." cta="View Glossary" href="/docs/glossary?term=ID+Token">ID Token</Tooltip> (`id_token`) and check if it has the information needed by the application.

### If you decode the token or assertion does it have information you expect?

* View <Tooltip tip="JSON Web Token (JWT): Standard ID Token format (and often Access Token format) used to represent claims securely between two parties." cta="View Glossary" href="/docs/glossary?term=JWTs">JWTs</Tooltip> with [JWT.io](http://jwt.io).
* View <Tooltip tip="Security Assertion Markup Language (SAML): Standardized protocol allowing two parties to exchange authentication information without a password." cta="View Glossary" href="/docs/glossary?term=SAML">SAML</Tooltip> assertions with [SAMLTool.io](http://samltool.io).

### If the logged in user cannot access another application with Single Sign-on

1. Is the user trying to login to the second application from the same browser as their initial login?
2. Go to your [Tenant Settings > Advanced Settings](https://manage.auth0.com/#/tenant/advanced) and check the **Log In Session Management** settings. Was the second login attempt within the timeout periods?
3. Check the value passed as the `prompt` parameter in `/authorize` call.
4. Is the connection used to log in to the first application enabled for the second application?
5. Did the second application receive all the necessary user profile information?
6. If using a mobile device, you'll need to use a browser-based flow. For more information, see [Best Practices](/docs/authenticate/login/native-login).

### Check application logs

* Do your application logs show any errors?
* Did the application receive all the information it needs, such as groups or user profile attributes?

## Logout issues

* Did you add your logout redirect URLs to the allow list? If you are using a redirect URL in a logout call it must be registered in either the tenant or application settings.
* If you need federated logout, did you append the `?federated` parameter to the logout call?
* Make sure that the logout redirect URL is different from the login callback URL.
* Make the logout redirect URL an anonymous page (not protected by login) so that redirects to the logout redirect URL do not immediately trigger a login, which may confuse users.
