Troubleshooting with HAR files

An HTTP Archive (HAR) is a JSON formatted log of a web browser's interactions with a web server. If authentication isn't working as expected, you can generate and analyze HAR files to find issues. Including a HAR file in your support requests can help speed up the troubleshooting process.

HAR files may contain sensitive data such as cookies, passwords, or client secrets. Obfuscate any sensitive data (using a text editor) before sending HAR files to support.

Generate a HAR file

Firefox

  1. Close all private windows in Firefox.
  2. Open a new private window in Firefox.
  3. Go to Tools > Web Developer > Network
  4. Visit the page and complete the steps that trigger the issue.
  5. When complete, go back to the Network tab, right click and then select Save All As Har.
  6. Before sending the HAR file to us, make sure to obfuscate any sensitive information using a text editor (such as removing passwords, client secrets, and so on).

Google Chrome

  1. Close all incognito windows in Google Chrome.
  2. Open a new incognito window in Google Chrome.
  3. Go to Developers Tools > Network.
  4. Check the Preserve Log option to record all interactions.
  5. Visit the page and complete the steps that trigger the issue.
  6. When complete, go back to the Network tab, right click and then select Save as HAR with Content: Google Dev Tools
  7. Before sending the HAR file to us, make sure to obfuscate any sensitive information using a text editor (such as removing passwords, client secrets, and so on).

Safari

  1. Close all private windows in Safari.
  2. Open a new private window in Safari.
  3. Go to Developer > Inspector > Network
  4. Check the Preserve Log option to record all interactions.
  5. Visit the page and complete the steps that trigger the issue.
  6. When complete, go back to the Network tab, click Export and save the HAR file.
  7. Before sending the HAR file to us, make sure to obfuscate any sensitive information using a text editor (such as removing passwords, client secrets, and so on).

Analyze a HAR file

To view the HAR file, you can use a tool such as Google's HAR Analyzer. Analyze the list of web requests captured in the HAR file. In particular, check the sequence of redirects to see how far you get in the authentication process. This helps identify where the issue is happening. Compare the sequence of redirects to the expected sequence for your authentication flow.

For example:

  • There should be a call to the /authorize endpoint to start the authentication flow.
  • There may be redirects to remote identity providers to prompt the user to log in.
  • Then there should be a redirect back to Auth0 /login/callback (https://login.auth0.com/login/callback).
  • Then there should be a redirect back to your application’s callback URL.