Auth0-react 'LoginRequired' when trying to call getAccessTokenSilently

I have setup a Typescript react app using the tutorial of auth0-react package.

My AuthenticationGuard class correctly redirects the user to login.

However, when they login:

  1. If they refresh the page the browser is redirected to auth0 /authorize then back to my app without me having configured that anywhere
  2. If I call getAccessTokenSilently I get the same redirect as above and I can see that token request fails with login_required error.

Is there some documentation on why I am getting these redirects and ‘login_required’

Hi @azns,

Welcome to the Auth0 Community!

Is there any more info in the login required error?

When the applications does a getTokenSilently, it uses an existing session to renew the access token. The error indicates that the existing session doesn’t exist, is expired, etc.

This FAQ could be helpful: Why is authentication lost after refreshing my single page application?


It seems to work in Chrome only; in Firefox and Brave I am getting to my SPA, it either prompts user to login or makes a call to authorize and it gets id_token and access_token. But when in my code I call getAccessTokenSilently I am simply getting login_required.

I tried working over SSL (I am still developing locally, so my app is at http://localhost:3000) but that made no difference.

Actually it seems that I have worked it out.

In Firefox and Brave this only works if I provide the audience to the Auth0Provider. I can’t use adaptive audience when calling getAccessTokenSilently it simply doesn’t work.

This is pretty odd and what are we supposed to do if we have multiple APIs we want to call?

1 Like

Have you tried using refresh token rotation? Here’s another thread with a similar problem statement.

Additionally, localhost can sometime’s cause a “consent required” error you may see.

@dan.woda I’d love to use refresh token rotation if I found anywhere how to enable it. I checked the toggle forever ago but it doesn’t seem to have any effect. From the requests in the browser I can see that it’s the token is returned in response to authorization_code.

The doc for it is right here: Configure Refresh Token Rotation

Please let me know if you have any questions.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.