According to this topic, it’s implied that silent authentication is possible after a post-login action redirect. What I am trying to do is retrieve an access token after a post-login redirect so that I can make authenticated API calls.
Ideally, I want to do this in
getServerSideProps such that I can gate this redirect path in my application if auth fails. Inside of
getServerSideProps, I’m following docs by redirecting to
https://YOUR_DOMAIN/authorize ?response_type=id_token token& client_id=...& redirect_uri=.../callback& state=...& scope=token token_id& nonce=...& audience=...& response_mode=...& prompt=none
but ultimately, I get a
login required error in the tenant logs and the browser displays a message saying
state missing from the response. My questions are:
- should I be attempting silent auth on the server or client?
- is this the right approach?
I’ve searched exhaustively for a solution to no avail.