Auth0-react not getting accessToken on requests

gmwill934 · April 19, 2021, 4:17am

Please include the following information in your post:

Which SDK this is regarding: e.g. auth0-react
SDK Version: 1.4.0
Platform Version: Node v14.15.4
Code Snippets/Error Messages/Supporting Details/Screenshots:

I have a client application and a secure API with auth0, both are working perfectly on Chrome.

I was trying to use Safari and Chrome Incognito and I found out that the accessToken that I get from getAccessTokenSilently is not being sent on the requests. Is there some known bug to this? It’s so frustrating because it works in chrome perfectly.

Am I missing something?

stephanie.chamblee · April 19, 2021, 1:35pm

Hi @gmwill934,

It sounds like you may be running into an issue with blocked third-party cookies. To confirm this, you can set the cacheLocation to localstorage in the Auth0Provider:

ReactDOM.render(
  <Auth0Provider
    domain={config.domain}
    clientId={config.clientId}
    audience={config.audience}
    redirectUri={window.location.origin}
    onRedirectCallback={onRedirectCallback}
    useCookiesForTransactions={true}
    cacheLocation="localstorage" // <- update cache location
  >
    <App />
  </Auth0Provider>,
  document.getElementById("root")
);

There are security considerations regarding storing tokens in local storage which you can read more about here: Token Storage

Alternatively, you can use a Custom Domain so that the cookies won’t be seen as 3rd-party by the browser.

Related FAQ: Why is authentication lost after refreshing my single page application?

gmwill934 · April 19, 2021, 5:17pm

I’ll try a custom domain for now, see if that works.

gmwill934 · April 19, 2021, 9:59pm

I just tried a custom domain and the behavior is the same. Any thoughts on this?

gmwill934 · April 19, 2021, 10:09pm

    <Auth0Provider
          domain={domain}
          clientId={clientId}
          redirectUri={redirectUri}
          audience={audience}
          cacheLocation='localstorage'
        ></App>
     </Auth0Provider>

Not working on safari or chrome incognito.

Only working on chrome and firefox.

stephanie.chamblee · April 20, 2021, 11:34am

Hm, sorry to hear that! When you call getAccessTokenSilently are you using a different scope or audience from what is in the Auth0Provider? I’ve seen in some cases if the audience/scope is different from what is initialized in Auth0Provider, then silent auth will be required and may fail.

gmwill934 · April 20, 2021, 9:34pm

Using the same audience on Auth0Provider and getAccessTokenSilently, I’m currently not passing a scope prop.

gmwill934 · April 21, 2021, 7:08am

So, it’s also not working on chrome for iOS… It seems that it only works for chrome on mac and windows…?

stephanie.chamblee · April 21, 2021, 7:28pm

Hi @gmwill934,

In order to troubleshoot this, could you please create a HAR file of the authentication flow and send it to me in a private message (you can send a private message by clicking on my avatar and selecting message)? Thank you!

gmwill934 · April 22, 2021, 4:01pm

thanks, let me generate that file.

gmwill934 · April 30, 2021, 1:57pm

I sent you the file as a direct message.

senthil.ma · July 31, 2021, 4:43am

Any updates on this issue ?
I am also running into same issues while fetching access token using react auth0 sdk with safari browser and iPad browsers.

gmwill934 · August 4, 2021, 6:49am

None for me, sadly I stopped paying auth0. I’m currently looking for other providers. Wish you the best of luck and hopefully you can get this solved.

jo.antonio · October 20, 2022, 12:55am

Hello here! Any updates on the issue? I’m also encountering the same issue.

sammybhag · December 18, 2023, 3:23am

having the exact same issue… did anyone solve this issue of the function not working in safari, chrome on iphone, incognito?