FAQs / Troubleshooting
A knowledge base for troubleshooting
Onboarding FAQs
How do I use Anon to automate actions via my backend app?
-
First, the end-user needs to link their account (in Web, this is via the Chrome extension triggered in the frontend app).
That saves the user session in Anon, so your backend app can use it.
The onboarding flow will walk you through an example of doing so above.
How do I link an end-user via my frontend app?
-
Connection flow: open dialog → confirm extension → login into IG → green checkmark in dialogue
The end user’s session is now saved, and Anon could now access it via the end user’s
user_app_id
in your backend app.
Anon’s example credentials only provided one example user. How do I generate a new example_app_user_id
and token?
- Note: The credentials Anon provided include an example JWKS; this should be used for testing only. For production, we strongly recommend using your own JWKS.
- That said, if you are using Anon’s 1password-provided JWKS, you can generate additional JWTs with this script:
- If you are using an Anon-hosted UserPool, use the endpoint
/appUserIdToken
to issue a newappUserIdToken
.
Could I create another UserPool
or SdkClient
?
-
Yes! You can have multiple
UserPool
andSdkClient
within your Organization — eachUserPool
requires a JWKS, which could be the mock one provided by Anon or your own.Each
SdkClient
has one correspondingUserPool
; follow this guide to create them.- Note apps reference the
SDK_CLIENT_ID
, so you’d need to re-set that value.
- Note apps reference the
How do I use my own identity provider?
-
Follow this guide to create a new
UserPool
with your provider’s JWKS. Then, create aSdkClient
corresponding to that newUserPool
.Since apps reference a
SDK_CLIENT_ID
, be sure to change those as needed to your newSdkClient
’s id.
What if I create JWTs without going through an OAuth provider?
- You could host your own JWKS and use that to create a
SdkClient
.- Follow this guide.
- You must use a JWT with the required claims and
"sub"
to uniquely identify the user as anappUserIdToken
. We also require the"kid"
header, which specifies the key signing the JWT.- Your JWKS could have one or multiple public keys. Host it at a URL like
https://yourcompany.ai/.well-known/jwks.json
, per convention.
- Your JWKS could have one or multiple public keys. Host it at a URL like
I’m done testing. How do I use Anon in prod
environment?
-
Contact Anon and we’ll generate prod credentials for you.
Note for prod, you’d want to use your own identity provider.
Given prod credentials and your JWKS, create a new SdkClient corresponding to your JWKS.
General FAQs
We have an in-house auth system. Do we need to use OpenID Connect (OIDC)?
- No, OIDC is not required. You can integrate your in-house system with Anon by implementing a custom JSON Web Token (JWT) solution. Here’s how:
Integration Troubleshooting
Anon endpoints
Creating UserPool
: Unauthorized
or "error": "Upstream error"
- Make sure you’re using
Authorization: Bearer <session_token>
Creating UserPool
: error decoding response body: expected value at line 1 column 1
- Check that the JWKS url you created is public. Anon’s interaction with the url is that Anon’s servers download the key set and use it to verify signatures of your JWT ID tokens.
Frontend app
CORS issue
Access to fetch at 'https://svc.sandbox.anon.com/account/api/v1/appIntegration?id=instagram' from origin 'https://link.svc.sandbox.anon.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
- Cause: end-user’s browser interprets an Unauthorized Error as a CORS error, because it’s from an Options HTTP request.
- Check that the frontend app’s config has correct values.
- For
"clientId"
, check that it’s theSdkClient
corresponding to theUserPool
which points to your desired JWKS.- If you’re using an Anon-provided 1password file with multiple
SdkClient
s, check that you’re using the webappSdkClient
, not the serviceSdkClient
- If you’re generating your own JWTs, refer to this FAQ.
- If you’re using an Anon-provided 1password file with multiple
- For
"appUserIdToken"
, check that the app user credentials come from the JWKS corresponding to theSdkClient
.- If you’re using an Anon-provided 1password file, it is
example_app_user_id_token
. You can generate additional exampleappUserIdToken
s as follows. - If you’re generating your own JWTs, check that they have a
"kid"
header, which specifies the key signing the JWT. They should be signed with the samekid
as what’s in your JWKS.
- If you’re using an Anon-provided 1password file, it is
500 response for AnonLink.init()
- Check that you’re using the correct
SdkClient
, which should correspond to theUserPool
you want to use. - If you’re switching to a new identity provider, create a new
UserPool
pointing to its JWKS and a correspondingSdkClient
and verify you’re using the newSdkClient
’s id.
Backend app
SyntaxError: Unexpected token 'export'
- Add
"type": "module"
to yourpackage.json
file. This sets your project to use ECMAScript modules (ESM) instead of CommonJS, enabling the use ofimport
andexport
statements.
Error translating external user id: 404 - Not Found
- Check that the end-user had been linked. If using the examples, the
appUserId
on the backend app should correspond to anappUserIdToken
you had linked on the frontend app. - Connect the user via your frontend app and Chrome extension, and try again.
Error translating external user id: 500 - Internal Server
- Check that the end-user had been linked. If using the examples, the
appUserId
on the backend app should correspond to anappUserIdToken
you had linked on the frontend app. - Connect the user via your frontend app and Chrome extension, and try again.
ERR_TUNNEL_CONNECTION_FAILED
- Check that the end-user had been linked. If using the examples, the
appUserId
on the backend app should correspond to anappUserIdToken
you had linked on the frontend app. - Connect the user via your frontend app and Chrome extension, and try again.
Error translating external user id: 429 - Too Many Requests
- If you’re sending a large number of requests, you might be hitting Anon’s ory rate limit. Check that your app’s environment is configured as
"prod"
instead of"sandbox"
or"staging"
, since that has better rate limits.
Specific integrations
Amazon
-
Symptom: Auto-closing sign-in page for users with existing sessions
Description: When a user with a saved session in Anon connects, the sign-in page briefly appears before automatically closing after a few seconds.
Status: Expected behavior
Note: This process ensures session validation while minimizing user interaction for those already authenticated.
Was this page helpful?