/authorize endpoint doesn’t support AJAX-requests, as a successful request will result in a redirect back to the application, not a regular response. It sounds like you’re trying to implement a concept called Silent Authentication.
If I understand correctly, you’re trying to do that for a Single Page Application. For that, auth0.js has a special function:
checkSession. That will open an iframe to perform the silent authentication.
Another way to do it, as described in the first article I linked to, is by redirecting the user to
/authorize and adding the URL parameter
prompt=none to the request. If a rule prevents login or if the user has MFA enabled, you’ll still need to perform a regular redirect to
/authorize, without the
I don’t know how familiar you are with Auth0, but a good place to look for more code examples are the QuickStarts.
Thanks for the reply. I know about the Silent Authentication, about the checkSession() method. My case is:
- we have multiple applications (websites)
- if a user has been logged in on the Site A - he should be logged in on the Site B during a first page loading
- on the Site B there’s a JS script that checks a session via
- if a session exists - a user is redirected to the
"/authorize"endpoint with a
- the problem is that this implementation takes ~10 seconds - so, I’m looking for a way to log in a user in some kind of a background
I’m a bit confused here.
checkSession() should already do what you describe: open an iFrame in the background and perform silent auth, without your user really noticing.
However, are you using Safari by any chance? The tracking prevention in that browser completely blocks auth in the background, so there’d be no other way to login the user than to use the flow you described.