Troubleshooting
Most widget issues fall into three buckets: loading, auth, or sponsor behaviour. This page walks the symptoms of each and how to isolate the cause.
Widget never appears
Symptom: the host <div> is empty, no error in the console.
Check, in order:
- Is the loader script loading? Open Network tab, look for
widgets.osigu.com/v1/loader.js. If it's blocked, CSP or an ad-blocker is at fault. - Did you await
window.osiguReady? If you callOsiguPreAuth.mountbefore the loader finished,OsiguPreAuthisundefinedand mount throws silently. Alwaysawait window.osiguReady;first. - Is the container selector correct?
document.querySelector('#osigu-preauth')should return a real node. If not, mount errors are logged with[Osigu]prefix — filter the console. - Height collapse? If the container has
height: 0and no min-height, the widget renders but is invisible. Add amin-heightor let the widget size itself.
TypeError: Cannot read property 'access_token' of undefined
Your getToken callback isn't returning what the widget expects.
The contract: getToken must return a Promise resolving to a string — the raw access_token value, not the full OAuth response.
// ❌ Wrong
getToken: async () => (await fetch('/api/osigu/token')).json()
// ✅ Right
getToken: async () => {
const { access_token } = await (await fetch('/api/osigu/token')).json();
return access_token;
}
WIDGET-TOKEN error
Fired via onError. Two subvariants:
- Token expired mid-flow. Your
getTokenreturned a token whoseexphas passed. Fix: don't cache the token past its expiry; the widget callsgetTokenper API call, so returning a fresh token here works. - Token missing scope. The token doesn't carry the scopes the widget needs (
arc:read,arc:write). Check thescopefield in/oauth/tokenresponse.
WIDGET-NETWORK error
The widget retried a call three times and gave up. Check the browser's network tab for the failing endpoint. Common culprits:
- CSP blocking
connect-src https://sandbox.osigu.com. - Corporate proxy stripping
Authorizationheaders. - Your token proxy (
/api/osigu/token) is down.
OTP flow never resolves
The user says they never received the code. Diagnose:
- Environment mismatch. Sandbox OTP goes to a mock delivery service (test SMS to a fake phone number). Production OTP goes to the real number of record. If you're in sandbox and the beneficiary is waiting on a real phone, that's why.
- Sponsor doesn't support OTP for this product type. Rare, but possible — the widget should not have triggered OTP. If you see this, email
support@osigu.comwith yourtrackingId. - Rate limit hit. More than 5 OTP sends per hour for the same beneficiary/sponsor →
429. Wait an hour.
Sponsor rejects the request
onComplete fires with authorizations[i].status === 'REJECTED'. The rejection_reason is set by the sponsor. Show it to the user — Osigu never re-writes sponsor rejection copy.
If you think the rejection is wrong, contact the sponsor's operations team, not Osigu. Osigu didn't make the decision; we just relayed it.
403 Forbidden in the network tab
Two flavours:
403on/sponsors/{slug}/forms— Your provider isn't affiliated with this sponsor. ChecklistSponsors.403on/authorization-requests— Your token doesn't carryarc:write, or the sponsor rejected the provider at the request-level (e.g. provider blocked). Contact Osigu support.
Widget iframe blocked
Some CSPs block iframes by default. The OTP challenge and the biometric capture render in an Osigu-hosted iframe. Add:
frame-src https://widgets.osigu.com;
Analytics events missing
You wired onStepChange but nothing fires? Check for silent mount failures — a mount error prevents onReady and everything downstream. Enable debug: true in the config; verbose logs will show why.
Getting help
Include these in every support email:
- Your
trackingId(the value you set intelemetry.trackingIdat mount time). - The timestamp of the failing session (browser time is fine).
- The environment (sandbox / production).
- A screenshot of the widget state when it failed.
- The console error if any.
Email support@osigu.com.
Related
- Events — the
onError.codevalues and what they mean. - Configuration — verify your options match the contract.