Auth0-react SDK: GetAccessTokenSilently returns error "Login required" in private browser

Hey all,

Hope you are doing good. I am working on the same method right now.
Currently, I’m working on a React application where I have integrated Auth0 login/signup, and once users log in, they select the organization and then continue to the application.

Here is information about the SDK I’m using:

  • SDK name - “@auth0/auth0-react”
  • SDK Version - “^1.9.0”
  • react - “^17.0.2”

And I have declared the required config parameters in Auth0Provider,

{
  domain: 'DOMAIN',
  clientId: 'CLIENT_ID',
  redirectUri: 'LOCATION',
  audience: 'IDENTIFIER_STRING_VALUE',
  cacheLocation: 'localstorage',
  onRedirectCallback
}

Using this, I can allow users to log in simply. But when they select any organization from the list, I will pass that organization id in the getAccessTokenSilently method to get a token silently for the organization.

await getAccessTokenSilently({
  organization: 'ORGANIZATION_ID',
  ignoreCache: true
});

Now the issue is that it is working fine in Chrome and Firefox, but when I check with Chrome incognito or Safari, it is not working and keeps returning an error “Login Required”.

Am I missing anything? Please help me with this. Thanks!

Hey there @brandonjolly!

That’s great to hear that everything is working outside of Incognito and Safari at least! I believe the issue you are seeing is related to the blocking of 3rd party cookies by both Chrome Incognito and Safari as outlined in our getAccessTokenSilently documentation:

Note: Getting an Access Token silently without using Refresh Tokens will not work in browsers that block third-party cookies, such as Safari and Brave.

Hope this helps to clarify for you!

Hey @tyf

Thank you so much for your response. I have tried with useRefreshTokens=true and with this, it is working fine and returning a JWT token without any error, but we are missing the organization id in the token, although I have added organization in the getAccessTokenSilently method.

Is there any other param I need to add there? Please guide me here. Thanks!

No problem, happy to help where I can!

Good to know everything is working fine regarding refresh tokens - That’s curious the org_id is not included in the ID token. Is it included before getAccessTokenSilently is called?

Hey,

No, it hasn’t been added before, because we don’t want a specific organization login; login will be common. But after that, we will show the list of organizations the user is part of, and the user will select the organization.
And based on that we will fetch the new token which includes the organization id so that it can help us on the API side to identify the data.

Hey @tyf

Mentioning you in case you have missed the above reply, please look into it. Thanks!


Hey @brandonjolly sorry just getting around to this!

Are you passing in the org_id on the silent auth attempt something like this?

Sorry, looping back I see that is the case - I’m still trying to figure out why the org_id wouldn’t be included in that case :thinking:

A couple ideas in terms of isolating the issue:

  • Are you able to locate the org_id param in the /authorize request associated with the getAccessTokenSilently call?

  • I’d be curious to know if the org_id is indeed included as a claim in the ID Token if you go about this the standard route - That is, by having a user log in and specify the Organization they belong to when they log in. If you’re interested in doing this our React sample app might be the easiest route.

Let us know!
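
Added example, not part of the thread and not Auth0's code: a wrapper around the call discussed above that reports “Login required” and a missing org_id as separate outcomes instead of handing an unscoped token to the API. It assumes `auth` is the object returned by useAuth0(), that the token is a JWT carrying an org_id claim, and that the SDK error code for “Login required” is login_required; getOrgToken, decodeClaims and fakeJwt are hypothetical names.

```javascript
// Decode a JWT payload WITHOUT verifying it. Diagnostic only: the API must
// still verify the signature and check org_id itself.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null; // opaque (non-JWT) token
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(atob(b64));
  } catch {
    return null;
  }
}

// `auth` is assumed to be the object returned by useAuth0();
// `orgId` is the organization the user picked from the list.
async function getOrgToken(auth, orgId) {
  let token;
  try {
    token = await auth.getAccessTokenSilently({ organization: orgId, ignoreCache: true });
  } catch (e) {
    if (e && e.error === 'login_required') {
      // Silent auth had no usable session: log in interactively for this organization.
      await auth.loginWithRedirect({ organization: orgId });
      return { ok: false, reason: 'login_required' };
    }
    throw e;
  }
  const claims = decodeClaims(token);
  if (!claims || claims.org_id !== orgId) {
    // Token is not scoped to the selected organization: do not send it to the API.
    return { ok: false, reason: 'org_mismatch', got: claims ? claims.org_id : undefined };
  }
  return { ok: true, token };
}

// Constructed, unsigned sample token builder for trying the functions offline.
const b64url = (s) => btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fakeJwt = (claims) => `${b64url('{"alg":"none"}')}.${b64url(JSON.stringify(claims))}.x`;
```

The client-side claim check only helps isolate where org_id is lost; the API remains the place where the token and its org_id are actually validated.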
