Authentication breaks when client refreshes browser


We’re experiencing a weird issue on our development & staging environment.
On our localhost, everything works fine, running via ng serve.

On our dev & staging environment, it also works, once. If the user hits refresh, or otherwise closes the tab and opens it again, it will not work.

We followed the implementation guide for SPA when setting up, and seems to have narrowed the issue down to this code:

if (!this.auth0Client) {
this.auth0Client = await createAuth0Client(this.config);

On our localhost deployment, this resolves almost instantly, while on other deployments, never resolves, and simply times out, if you have refreshed the page.

The odd thing in all of this, if you leave the page up for a minute or so, it works.
Also, if you clear all your cookies, it will also work again.
Until you refresh. I’ve come to assume the page works after a minute because the cookie expires.

I’m thinking it may be an issue with caching, but otherwise, I have no idea.

I’ve also noticed when you log in on our dev environment, there’s a cookie called a0.spajs.txs which disappears generally after you hit the callback, I think. On our local deployment that stays.
The cookie stays on both local and dev deployments.

and simply times out

Maybe related to this (Is “Allowed Web Origins” set properly?):


Thanks for the reply.

The Allowed Web Origins seems to be set correct, except from a trailing slash.
There does not seem to be any errors in the log regarding this.
The thing I’m having the most issues comprehending is why it works at first, but fails on refresh

The Allowed Web Origins seems to be set correct, except from a trailing slash.

Can you try to add the exact URL in terms of slashes. It might make a difference, just to be sure that’s not the issue. (I would leave the rest up to the SDK team to answer.)


I’m was getting the exact same issue.

I had to add two entries to the Allow Web Origins box, one with http prefix and one without.
http://localhost:8001, localhost:8001

3 hours of my day lost to that!

1 Like

I’ll check up on this tomorrow, thank you.

Okay, interesting, I’ll look into this tomorrow. Thank you.

So, removing the trailing slash did seem to resolve the issue. Thanks all for the assistance :smiley:


Perfect! Glad you have it working!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.