SPA + Embedded Login + Token Refresh Strategy?

nicolas_sabena · January 1, 2019, 9:41pm

(EDIT: added the fourth possibility, dev keys)

If checkSession is returning login_required this means that Auth0 could not find a valid session for the user. This could be because:

A session was never created. When instantiating Lock, are you using the sso: false option? Doing so instructs Lock to use the token endpoint directly, without setting a session for the user.
The session has expired. Check the session duration in the tenant Advanced Settings.
The session cookie was not included in the request. This could happen if you are not using custom domains and the browser blocks the third-party cookie. Safari actively blocks this.
Using social connections with the default developer keys won’t set an SSO session (see Test Social Connections with Auth0 Developer Keys). Make sure you configure your own keys.

Do any of these help explain the situation?

Topic		Replies	Views
checkSession() returns login_required after login() Help login , refresh	20	11994	January 29, 2019
Getting a refresh token after API returns 401 Help	4	3965	July 16, 2020
How to maintain the user authenticated in a SPA with custom login? Help auth0js , spa , custom-login , renewauth	9	8059	March 2, 2018
Saving refresh token in browser Help refresh-tokens , password-grant	6	3936	November 18, 2019
Login_required when checkSession Help auth0js	6	5928	September 3, 2019