Gotrue js error - "This endpoint requires a Bearer token"

Anyone experience this issue?

When accessing my site on mobile Firefox, I am unable to log in through GoTrue js. The response error I get is “This endpoint requires a Bearer token”. This does not happen on desktop or any other browser that I’m aware of.

Hi @vdadfar, if you are using the netlify-identity-widget or your own widget uses the nf_jwt cookie, it may be that your browser has cookie support disabled by default. You could try enabling it as mentioned here: Hope that helps.

Hi @Dennis,

I am using my own gotrue-js widget, which does take advantage of the nf_jwt cookie. Turns out this issue is not limited to iOS Firefox, as it occurs on iOS Chrome and both iOS and Mac Safari as well. I’ve made sure all browsers are accepting cookies, and verified with this demo:

Any other ideas on what it could be? Debugging reveals that a call was made to .netlify/identity/token which returned a 400 and the following:

  {
    "error": "invalid_grant",
    "error_description": "Invalid Password"
  }

and a call to .netlify/identity/user returned a 401 with the following:

  {
    "code": 401,
    "msg": "This endpoint requires a Bearer token"
  }

Not sure if this means anything, but a valid user token was sent to /user, but the Authorization for /user was basic, not bearer. I can provide more information on the requests if needed.

For anyone who might be having this problem, it turns out that the basic auth on my site was interfering with requests, replacing the authorization field with an encoding of the username/password. Removing that auth remedies this issue.


Also, for those who want to keep their auth, including the field “credentials: omit” in your request’s options resolves the issue.
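
The header clash and the `credentials: 'omit'` fix described in the two posts above, as an added example that is not part of the original thread or of gotrue-js. The function names, the sample token and the sample site credentials are constructed for illustration, and the browser behaviour is modelled from what the thread reports rather than taken from a real request.

```javascript
// Added example: models the header clash reported in this thread.
// Assumption: the browser attaches cached site-wide Basic credentials to
// same-origin requests unless the request opts out with credentials: 'omit'.

// Build fetch() options for GoTrue's /user endpoint.
function identityRequestOptions(accessToken, { omitCredentials = true } = {}) {
  const options = {
    method: 'GET',
    headers: { Authorization: `Bearer ${accessToken}` },
  };
  if (omitCredentials) options.credentials = 'omit';
  return options;
}

// Constructed stand-in for the browser: returns the Authorization header
// that would reach the server, given cached Basic auth for the site.
function authorizationOnTheWire(options, cachedBasicAuth) {
  const sendsCredentials = options.credentials !== 'omit';
  if (sendsCredentials && cachedBasicAuth) {
    const { username, password } = cachedBasicAuth;
    const encoded = Buffer.from(`${username}:${password}`).toString('base64');
    return `Basic ${encoded}`; // the Bearer token is replaced
  }
  return options.headers.Authorization;
}

// Constructed stand-in for the endpoint: mirrors the 401 body quoted above.
function userEndpoint(authorization) {
  const [scheme, value] = (authorization || '').split(' ');
  if (!/^bearer$/i.test(scheme) || !value) {
    return { code: 401, msg: 'This endpoint requires a Bearer token' };
  }
  return { code: 200 };
}

// Run one request through the model and report what the server saw.
function simulate(accessToken, cachedBasicAuth, omitCredentials) {
  const options = identityRequestOptions(accessToken, { omitCredentials });
  const authorization = authorizationOnTheWire(options, cachedBasicAuth);
  return { scheme: authorization.split(' ')[0], ...userEndpoint(authorization) };
}

// Constructed sample values, not real credentials.
const siteAuth = { username: 'preview', password: 'example-only' };
console.log(simulate('sample.jwt.token', siteAuth, false)); // Basic -> 401
console.log(simulate('sample.jwt.token', siteAuth, true)); // Bearer -> 200
```

In a real page, the object returned by `identityRequestOptions` is what would be passed as the second argument to `fetch`.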


I’m still running into this issue even though I don’t have basic auth set up. Any ideas what could be the problem?

Hi @awakash, if you don’t have basic auth enabled, I presume that your issue is not the same as what is in this thread. Could you start a separate topic with as much detail as possible to help us point you in the right direction?

I ended up creating a new personal access token on GitHub to fix the issue.
