Authentication issues between two apps

We have an application (.NET MVC) that serves as a “portal” application to other applications. Authentication is working well in the portal (OIDC). After logging in the user is provided links to our other applications. One of those is a Blazor WASM application hosted at another location. Both applications are bound to the same * SSL cert, each with a different sub-domain. When run out of the portal application the Blazor client opens and performs a silent authentication successfully. At this point everything is working fine.

If the portal application is left open for a time period greater than “inactivity timeout” period specified on our Auth0 domain settings page’s Session Cookie settings and then the user attempts to open the Blazor client, authentication in that client fails and we see a “Failed Silent Auth” entry in our Auth0 logs. Additionally if the user leaves the Blazor client open for longer than the “inactivity timeout” “Failed Silent Auth” log entries start appearing any time the user hits refresh though the application itself appears as still authenticated even providing access to a secured API’s resources.

It appears as if the session’s last activity is never being updated in the portal application after it’s initial load. Is there some way to force an update to this or is there perhaps some other mechanism that can be used to get around our issue here?

Any help you may provide will be appreciated.

Hi @DaneVinson,

Welcome to the Auth0 Community!

If I understand correctly, your user is still able to access protected resources even after the inactivity timeout.

Are the tokens still valid?