Auth0-react 'LoginRequired' when trying to call getAccessTokenSilently

azns · June 21, 2023, 7:08am

I have setup a Typescript react app using the tutorial of auth0-react package.

My AuthenticationGuard class correctly redirects the user to login.

However, when they login:

If they refresh the page the browser is redirected to auth0 /authorize then back to my app without me having configured that anywhere
If I call getAccessTokenSilently I get the same redirect as above and I can see that token request fails with login_required error.

Is there some documentation on why I am getting these redirects and ‘login_required’

dan.woda · June 23, 2023, 12:18pm

Hi @azns,

Welcome to the Auth0 Community!

Is there any more info in the login required error?

When the applications does a getTokenSilently, it uses an existing session to renew the access token. The error indicates that the existing session doesn’t exist, is expired, etc.

This FAQ could be helpful: Why is authentication lost after refreshing my single page application?

azns · June 26, 2023, 3:07am

No.

It seems to work in Chrome only; in Firefox and Brave I am getting to my SPA, it either prompts user to login or makes a call to authorize and it gets id_token and access_token. But when in my code I call getAccessTokenSilently I am simply getting login_required.

I tried working over SSL (I am still developing locally, so my app is at http://localhost:3000) but that made no difference.

azns · June 26, 2023, 3:13am

Actually it seems that I have worked it out.

In Firefox and Brave this only works if I provide the audience to the Auth0Provider. I can’t use adaptive audience when calling getAccessTokenSilently it simply doesn’t work.

This is pretty odd and what are we supposed to do if we have multiple APIs we want to call?

dan.woda · June 26, 2023, 1:13pm

Have you tried using refresh token rotation? Here’s another thread with a similar problem statement.

https://community.auth0.com/t/auth0-react-sdk-getaccesstokensilently-returns-error-login-required-in-private-browser/82781/3

Additionally, localhost can sometime’s cause a “consent required” error you may see.

azns · June 26, 2023, 11:28pm

@dan.woda I’d love to use refresh token rotation if I found anywhere how to enable it. I checked the toggle forever ago but it doesn’t seem to have any effect. From the requests in the browser I can see that it’s the token is returned in response to authorization_code.

dan.woda · June 27, 2023, 11:56am

The doc for it is right here: Configure Refresh Token Rotation

Please let me know if you have any questions.

Topic		Replies	Views
getAccessTokenSilently throws error login required Get Help	5	11283	May 5, 2022
Can't use getAccessTokenSilently after enabling rotating refresh token when 3rd party cookies are blocked Get Help cookie	3	4649	June 25, 2021
Refresh tokens and getAccessTokenSilently behaviour Get Help sessions , rotating-refresh-tokens	4	1366	May 2, 2025
getAccessTokenSilently not working in @auth0/auth0-react even with custom domain verified Get Help configuration , application	6	1427	May 17, 2024
Auth0-react SDK index.js:1 Error: Login required Get Help	2	4877	November 30, 2020

Auth0-react 'LoginRequired' when trying to call getAccessTokenSilently

Related topics