According to this topic, it’s implied that silent authentication is possible after a post-login action redirect. What I am trying to do is retrieve an access token after a post-login redirect so that I can make authenticated API calls.
Ideally, I want to do this in `getServerSideProps` such that I can gate this redirect path in my application if auth fails. Inside of `getServerSideProps`, I’m following docs by redirecting to
https://YOUR_DOMAIN/authorize?response_type=id_token token&client_id=...&redirect_uri=.../callback&state=...&scope=token token_id&nonce=...&audience=...&response_mode=...&prompt=none
but ultimately, I get a `login required` error in the tenant logs and the browser displays a message saying `state missing from the response`. My questions are:
- Should I be attempting silent auth on the server or client?
- Is this the right approach?
I’ve searched exhaustively for a solution to no avail.