I’ve successfully implemented Auth0 with a SPA frontend using the @auth0/auth0-react package and when logging in as a normal user, everything is working fine. Most notably, when I do a full page refresh, I’m still logged in.
However, if I go to Applications → {My App} → Organizations and then set What types of end-users will access this application? to Team members of organizations (which is what I need for this app) and then enable Display Organization Prompt, a full page refresh of my website will redirect me to the Universal Login screen every time. I have enabled and disabled these options a couple of times and it’s reproducible every time.
I use the withAuthenticationRequired Higher Order Component function and looking at its implementation, I suspect the SDK has a bug related to the isAuthenticated flag in the case where the user has logged in under an organization that makes isAuthenticated be false and invoke loginWithRedirect unnecessarily.
Edit: This is my experience on localhost while developing. I haven’t tested if this behaves differently in a production setting.
Looks like this is being worked on in the underlying auth0-spa-js library but could take some time to pass testing and for the react library to be updated.