We have been facing the above mentioned issue from the starting but now it has become our only reason not to use auth0 for authorization. We need the solution for the problem ASAP as we need to roll out our product which is development ready and up for testing .
The issue :-
When the user logs in using email and password in the chrome browser, the access token present in the redirect URL is not being resolved . The reason is unknown and we are not getting any errors in the console also . We had done our research in the respective field and found that it might happen due to some adblocker but we removed all the extensions present in the chrome browser . This not only happens on chrome but also on safari so please can anyone help us out .
Ideally whenever the user logs in using his email-id and password they get redirected to the redirect-uri along with the code which then further authenticate user with access token. But in chrome specifically the user is getting stuck at the redirect-uri (the one with the code) but the work flow works just fine in other browsers and also the social login works great with all the browsers.
P.S:We are using Auth0-provider react sdk.
I had a chance to look at the file, and I see some odd behavior. Could you please share the details of your implementation? A code snippet is a good place to start. Particulary in how you are handling the auth code.
Hey Dan,
So glad to hear back from you , so here is how we handle the auth code that is redirected to us by auth0 we call getAccessTokenSilently() function of â@auth0/auth0-reactâ react library below is the code snippet provided . The function return us the access token and id token . Below is the representation of request and response:-
FYI, the SDK has token caching built in to getAccessTokenSilently. When it fetches a token, it sets it in the specified cacheLocation and only retrieve a new one when the existing token is no longer valid. No need to handle that manually.
Iâm seeing requests to a /loading-tokens endpoint. Is that something youâve done in your app?
In the HAR you sent, it looks like the request gets hung up on that endpoint.
Did you follow one of our quickstarts when setting up the app? You shouldnât need to handle the code and verifier at all, the SDK does all of that for you.
We followed the quickstarts but we needed to store the access token explicitly to send it to the backend api calls, this method work great for other browsers but for chrome it doesnât.
Yes, Iâve looked at the HAR. It appears something in your code prevents the rest of the flow from completing, and considering it is ending on the non-auth0 endpoint /loading-tokens, I would start there.
Can you share what is happening in your code at that endpoint?
Also, a HAR from another browser, with it working, could be useful.
I would also suggest removing the redundant behavior in your app (i.e. fetchAccessTokenAuth0, GATS, etc.)
I noticed a few potential issues while looking at those captures:
Your app is incorrectly registered as a Regular Web App. If you are running a SPA (React), it should be registered as such.
You are missing the Allowed Web Origins in your application settings. Without this, you will not be able to refresh silently.
You are requesting refresh tokens, but not receiving them. If you look at the request, you arenât returned a refresh token at any point.
You are storing access tokens in localstorage. This is generally considered a bad practice.
The problems logging in may be a result of the Allowed Web Origins settings, but it could be unrelated.
I would highly recommend following our React Quickstart for setting up your app, as it appears you are missing several pieces of the boilerplate setup, and are including some anti-patterns that should be avoided.
Hey Dan, I implemented the first and second points and configured my app as per the React Quickstart as well. Can you explain how I can implement the rest (bypass the local storage and still get access tokens at any point)?
Given below is the new code for the Provider:
import React from "react";
import * as ReactDOMClient from 'react-dom/client';
import App from "./App";
import { Auth0Provider } from "@auth0/auth0-react";
import { clientID, domain } from "../src/API";
import { BrowserRouter } from "react-router-dom";
const root = ReactDOMClient.createRoot(document.getElementById("root"));
root.render(
<React.StrictMode>
<Auth0Provider
domain={domain}
clientId={clientID}
audience="https://www.saasden.club"
authorizationParams={{
redirect_uri: "https://saasden.club/loading-tokens",
}}
>
<BrowserRouter>
<App />
</BrowserRouter>
</Auth0Provider>
</React.StrictMode>
);
I looked for a similar issue on the internet but couldnât find a reliable answer. What exactly is this error, and how can it be avoided? What else needs to be changed?