According to this topic, it’s implied that silent authentication is possible after a post-login action redirect. What I am trying to do is retrieve an access token after a post-login redirect so that I can make authenticated API calls.

Ideally, I want to do this in getServerSideProps such that I can gate this redirect path in my application if auth fails. Inside of getServerSideProps, I’m following docs by redirecting to

https://YOUR_DOMAIN/authorize ?response_type=id_token token& client_id=...& redirect_uri=.../callback& state=...& scope=token token_id& nonce=...& audience=...& response_mode=...& prompt=none

but ultimately, I get a login required error in the tenant logs and the browser displays a message saying state missing from the response. My questions are:

• should I be attempting silent auth on the server or client?
• is this the right approach?

I’ve searched exhaustively for a solution to no avail.