Auth0.js checkSession slow

rubenhak · September 3, 2019, 11:52pm

Hi There,

We are using auth0.js in a static web page. Login/signup buttons are rendered dynamically depending on the login state. We are using auth0.checkSession with a callback. It takes anywhere from 500ms to 2 seconds depending on the connection for the callback to respond, even if there is no user logged in.

My understanding was that auth0.js would use local storage to determine if the user is signed in or not, but we see it making a request to:
https://xxx.auth0.com/authorize?client_id=xxx&response_type=token%20id_token&redirect_uri=xxx&scope=read%3Acurrent_user%20profile%20email%20openid&audience=xxx&state=xxxx&nonce=xxx&response_mode=web_message&prompt=none&auth0Client=xxx

We are not making any call except for checkSession. Using: https://cdn.auth0.com/js/auth0/9.11/auth0.min.js

This not only causes slowness in the UI to render, but also seems completely unnecessary.

Thanks,
Ruben

dan.woda · September 5, 2019, 9:53pm

Hi @rubenhak,

checkSession is used for silent auth and initiates a request for a new token. That is why you are seeing a request in a hidden iframe.

https://auth0.com/docs/libraries/auth0js/v9#using-checksession-to-acquire-new-tokens

Tokens should not be stored in localStorage, and should be stored in memory without being persisted.

berlioz · September 6, 2019, 7:48pm

hi @dan.woda,

Got it. Can you suggest a method to quickly determine that the user is not logged in. It is ok if it takes longer to fetch a token for logged in users. This is more critical for users that had never logged in to the sites.

Its a statically hosted web page, which also has backend.

Thanks,
Ruben

dan.woda · September 16, 2019, 5:01pm

I apologize for the delayed response.

You could add a flag in localStorage (not a token or user data) indicating if the user has previously logged in. You can check that flag and do your silent auth or display the login buttons.

Although, I can’t find any examples of this process, and it seems as though checkSession is working for most users. Are you using one of our quickstarts? I am curious if your implementation is not working as intended.

Thanks,
Dan

dan.woda · September 30, 2019, 9:01pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.