Generate and Analyze HAR Files
A HAR (HTTP Archive) file shows the sequence of redirects that happen during a login transaction. It's an excellent tool for debugging authentication issues, as it can identify where things get stuck. A HAR file is a JSON formatted log of a web browser's interactions with a web server. If authentication isn't working as expected, you can generate and analyze HAR files to find issues. Including a HAR file in your support requests can help speed up the troubleshooting process.
Generate HAR files with browsers
Google Chrome
Close all incognito windows in Google Chrome.
Open a new incognito window in Google Chrome.
Go to View > Developer > Developers Tools.
In the Developer Tools pane, choose the Network tab.
Check the Preserve Log checkbox to record all interactions.
Visit the page and complete the steps that trigger the issue.
Choose the Network tab.
Click the down arrow to export the HAR file.
Save the HAR file.
Next remove any sensitive information from the file.
Open the HAR file with a text editor of your choice.
Search for all instances of
"Password"
.Replace these values with a placeholder value such as
"*****"
.Save the HAR file.
Safari
Ensure that Show Develop menu in menu bar checkbox is checked under Safari > Preferences > Advanced.
Choose File > Open New Private Window.
Visit the web page where the issue occurs.
Choose Develop > Show Web Inspector. The Web Inspector window appears.
Complete the steps on the page that trigger the issue.
Select the Network tab.
Click Export on the upper right side of the pane.
Save the HAR file.
Next remove any sensitive information from the file.
Open the HAR file with a text editor of your choice.
Search for all instances of
"Password"
.Replace these values with a placeholder value such as
"*****"
.Save the HAR file.
Firefox
Close all private windows in Firefox.
Open a new private window in Firefox.
Go to Tools > Developer > Network or ctrl-shift-E.
Visit the page and complete the steps that trigger the issue.
Choose the Network tab and right click and then select Save All As Har.
Save the HAR file.
Next remove any sensitive information from the file.
Open the HAR file with a text editor of your choice.
Search for all instances of
"Password"
.Replace these values with a placeholder value such as
"*****"
.Save the HAR file.
Microsoft Edge
Close all InPrivate windows in Microsoft Edge.
Open a new InPrivate window (Ctrl + Shift + N).
Go to Settings and more (the ... icon) then choose More Tools > Developer Tools.
Start a profiling session on the Network tab of the Developer Tools toolbar.
Visit the page and complete the steps that trigger the issue.
Select Export as HAR (Ctrl+S) and save the HAR file.
Next remove any sensitive information from the file.
Open the HAR file with a text editor of your choice.
Search for all instances of
"Password"
.Replace these values with a placeholder value such as
"*****"
.Save the HAR file.
Internet Explorer
Close all InPrivate windows in Internet Explorer.
Open a new InPrivate window in Internet Explorer (ctrl+shift+P.)
Go to Tools > F12 Developer Options > Network.
Ensure Clear entries on navigate is switched off.
Visit the page and complete the steps that trigger the issue.
Choose the Network tab and select Export as HAR (Ctrl+S).
Save the HAR file.
Next remove any sensitive information from the file.
Open the HAR file with a text editor of your choice.
Search for all instances of
"Password"
.Replace these values with a placeholder value such as
"*****"
.Save the HAR file.
Analyze HAR files
To view the HAR file, use a tool such as Google's HAR Analyzer.
Analyze the list of web requests captured in the HAR file. In particular, check the sequence of redirects to see how far you get in the authentication process. This helps identify where the issue is happening.
Compare the sequence of redirects to the expected sequence for your authentication flow.
For example:
There should be a call to the
/authorize
endpoint to start the authentication flow.There may be redirects to remote identity providers to prompt the user to log in.
Then there should be a redirect back to Auth0
/login/callback
(https://login.auth0.com/login/callback
).Then there should be a redirect back to your application’s callback URL.