FAQs / Troubleshooting
A knowledge base for troubleshooting
Onboarding FAQs
How do I use Anon to automate actions via my backend app?
First, the end-user needs to link their account (in Web, this is via the Chrome extension triggered in the frontend app).
That saves the user session in Anon, so your backend app can use it.
The onboarding flow will walk you through an example of doing so above.
How do I link an end-user via my frontend app?
Connection flow: open dialog → confirm extension → login into IG → green checkmark in dialogue
The end user’s session is now saved, and Anon could now access it via the end user’s user_app_id in your backend app.
Anon’s example credentials only provided one example user. How do I generate a new example_app_user_id and token?
That said, here is how to generate another example app user using Anon’s provided JWKS.
Could I create another UserPool or SdkClient?
Yes! You can have multiple UserPool and SdkClient within your Organization — each UserPool requires a JWKS, which could be the mock one provided by Anon or your own.
Each SdkClient has one corresponding UserPool.
Note apps reference the SDK_CLIENT_ID, so you’d need to re-set that value.
How do I use my own identity provider?
Create a new UserPool with your provider’s JWKS. Then, create a SdkClient corresponding to that new UserPool.
Since apps reference a SDK_CLIENT_ID, be sure to change those as needed to your new SdkClient’s id.
What if I create JWTs without going through an OAuth provider?
You could host your own JWKS and use that to create a SdkClient.
-
Follow this guide. You must use a JWT with the required claims and
"sub"to uniquely identify the user as anappUserIdToken. We also require the"kid"header, which specifies the key signing the JWT. -
Your JWKS could have one or multiple public keys. Host it at a URL like
https://yourcompany.ai/.well-known/jwks.json, per convention.
I’m done testing. How do I use Anon in prod environment?
Contact Anon via Slack or email and we’ll generate a prod API key for you.
General FAQs
We have an in-house auth system. Do we need to use OpenID Connect (OIDC)?
No, OIDC is not required. You can integrate your in-house system with Anon by implementing a custom JSON Web Token (JWT) solution. Here’s how:
Integration Troubleshooting
Anon endpoints
Creating UserPool: Unauthorized or "error": "Upstream error"
Make sure you’re using Authorization: Bearer <session_token>
Creating UserPool: error decoding response body: expected value at line 1 column 1
Check that the JWKS url you created is public. Anon’s interaction with the url is that Anon’s servers download the key set and use it to verify signatures of your JWT ID tokens.
Frontend app
CORS issue
Access to fetch at 'https://svc.sandbox.anon.com/account/api/v1/appIntegration?id=instagram' from origin 'https://link.svc.sandbox.anon.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Cause: end-user’s browser interprets an Unauthorized Error as a CORS error, because it’s from an Options HTTP request.
Check that the frontend app’s config has correct values.
For "clientId", check that it’s the SdkClient corresponding to the UserPool which points to your desired JWKS.
-
If you’re using an Anon-provided 1password file with multiple
SdkClients, check that you’re using the webappSdkClient, not the serviceSdkClient -
If you’re generating your own JWTs, refer to this FAQ.
For "appUserIdToken", check that the app user credentials come from the JWKS corresponding to the SdkClient.
-
If you’re using an Anon-provided 1password file, it is
example_app_user_id_token. You can generate additional exampleappUserIdTokens as follows. -
If you’re generating your own JWTs, check that they have a
"kid"header, which specifies the key signing the JWT. They should be signed with the samekidas what’s in your JWKS.
500 response for AnonLink.init()
Check that you’re using the correct SdkClient, which should correspond to the UserPool you want to use.
If you’re switching to a new identity provider, create a new UserPool pointing to its JWKS and a corresponding SdkClient and verify you’re using the new SdkClient’s id.
Backend app
SyntaxError: Unexpected token 'export'
Add "type": "module" to your package.json file. This sets your project to use ECMAScript modules (ESM) instead of CommonJS, enabling the use of import and export statements.
Error translating external user id: 404 - Not Found
Check that the end-user had been linked. If using the examples, the appUserId on the backend app should correspond to an appUserIdToken you had linked on the frontend app.
Connect the user via your frontend app and Chrome extension, and try again.
Error translating external user id: 500 - Internal Server
Check that the end-user had been linked. If using the examples, the appUserId on the backend app should correspond to an appUserIdToken you had linked on the frontend app.
Connect the user via your frontend app and Chrome extension, and try again.
ERR_TUNNEL_CONNECTION_FAILED
Check that the end-user had been linked. If using the examples, the appUserId on the backend app should correspond to an appUserIdToken you had linked on the frontend app.
Connect the user via your frontend app and Chrome extension, and try again.
Specific integrations
Amazon
Symptom: Auto-closing sign-in page for users with existing sessions
Description: When a user with a saved session in Anon connects, the sign-in page briefly appears before automatically closing after a few seconds.
Status: Expected behavior
Note: This process ensures session validation while minimizing user interaction for those already authenticated.
Was this page helpful?