After API request session seems to be deleted

lomboboo2 · June 11, 2019, 3:11pm

Hello,

I have implemented Auth0 with the React app. I also check session from the Auth0 JS library to keep connection alive. But the weird thing happens, when I send request to custom API the session seems to be deleted or something.

Here is the excerpt of the request:

// saga.js

function * updateUser ({ payload }) {
  try {
    ...
    yield put(updateUserRoutine.request())
    const data = yield authenticatedRequest('patch', '/me', data)
    auth0Client.silentAuth() // this is only for debug purpose - resolves in error. If request line above is commented out resolves in new access token

    yield put(updateUserRoutine.success())
   ...
  }
  ...
}

// Auth.js
silentAuth = () => {
  this.auth0.checkSession({ scope: this.getScope() || 'openid profile email' }, (err, authResult) => {
      if (err) {
        console.log(err)

        return
      }

      this.setSession(authResult)
    })
}

So after request is sent checkSession (auth0Client.silentAuth()) resolves in error {error: "login_required", error_description: "Login required"}. When I remove API request everything works fine.

Also I should probably mention that API is on different domain than the React app. Any help or guidance is much appreciated

macro · August 27, 2019, 7:04pm

Did you ever figure this out? We are facing the same issue using the Management API to manage user data.

jb0 · August 28, 2019, 1:25pm

If you are authorizing using an audience parameter you will also need to make sure your silent authentication call includes that audience parameter.

Additionally, if you are updating the email or username field this may also require the user to re-authenticate again. If possible don’t patch the entire user record - just the attributes that need to be updated.

It would be interesting to see a trace of the network calls from login through to silent authentication. That will be your best source of truth.