Auth0-react 'LoginRequired' when trying to call getAccessTokenSilently

azns · June 21, 2023, 7:08am

I have setup a Typescript react app using the tutorial of auth0-react package.

My AuthenticationGuard class correctly redirects the user to login.

However, when they login:

If they refresh the page the browser is redirected to auth0 /authorize then back to my app without me having configured that anywhere
If I call getAccessTokenSilently I get the same redirect as above and I can see that token request fails with login_required error.

Is there some documentation on why I am getting these redirects and ‘login_required’

dan.woda · June 23, 2023, 12:18pm

Hi @azns,

Welcome to the Auth0 Community!

Is there any more info in the login required error?

When the applications does a getTokenSilently, it uses an existing session to renew the access token. The error indicates that the existing session doesn’t exist, is expired, etc.

This FAQ could be helpful: Why is authentication lost after refreshing my single page application?

azns · June 26, 2023, 3:07am

No.

It seems to work in Chrome only; in Firefox and Brave I am getting to my SPA, it either prompts user to login or makes a call to authorize and it gets id_token and access_token. But when in my code I call getAccessTokenSilently I am simply getting login_required.

I tried working over SSL (I am still developing locally, so my app is at http://localhost:3000) but that made no difference.

azns · June 26, 2023, 3:13am

Actually it seems that I have worked it out.

In Firefox and Brave this only works if I provide the audience to the Auth0Provider. I can’t use adaptive audience when calling getAccessTokenSilently it simply doesn’t work.

This is pretty odd and what are we supposed to do if we have multiple APIs we want to call?

dan.woda · June 26, 2023, 1:13pm

Have you tried using refresh token rotation? Here’s another thread with a similar problem statement.

https://community.auth0.com/t/auth0-react-sdk-getaccesstokensilently-returns-error-login-required-in-private-browser/82781/3

Additionally, localhost can sometime’s cause a “consent required” error you may see.

azns · June 26, 2023, 11:28pm

@dan.woda I’d love to use refresh token rotation if I found anywhere how to enable it. I checked the toggle forever ago but it doesn’t seem to have any effect. From the requests in the browser I can see that it’s the token is returned in response to authorization_code.

dan.woda · June 27, 2023, 11:56am

The doc for it is right here: Configure Refresh Token Rotation

Please let me know if you have any questions.

system · July 26, 2023, 3:20pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.