Check Session Not Working With Social Provider

Hi,

I hope you are doing well.

I am stuck with a problem and confused about how to solve it. Please see the problem statement:

I have implemented the Google social login using the auth0Instance.authorize method from the SDK. The sign-in works as expected and I am able to redirect my user back to my application but the problem occurs when I try to check the session using auth0Instance.checkSession method from the SD but It’s always returning me the login_error.

Please see the following piece of code I am using:

Auth0 instance configuration:

import auth0, { AuthOptions } from 'auth0-js'

const auth0Instance = new auth0.WebAuth({
  domain: process.env.NEXT_PUBLIC_AUTH0_DOMAIN || '',
  clientID: process.env.NEXT_PUBLIC_AUTH0_CLIENTID || '',
  scope: 'openid profile email ' + process.env.NEXT_PUBLIC_AUTH0_AUDIENCE || '',
  responseType: 'token id_token'
})

This is working as expected when I start the authentication process:

auth0Instance.authorize({
    connection: 'google-oauth2',
    scope: 'openid profile email',
    redirectUri: 'http://localhost:4200/social-auth'
})

And when I try to check the session back using:

auth0Instance.checkSession(
    {
        audience: process.env.NEXT_PUBLIC_AUTH0_AUDIENCE,
        redirectUri: window.location.origin + '/login'
    },
   function(err, response) {}
)

This is returning login_error

Please take a note here, I have already added the ClientID & ClientSecret from the Google App in the social connections.

Please let me know if you need any other information as well.

Looking forward to hearing from you.

Thanks & Best Regards,
Hammad Rasheed

The type of connection (social or otherwise) should not have any bearing on checkSession.

One possible issue is that you are specifying an audience in the checkSession call, but not in the original authorize call. To confirm if this is related, can you try adding the same audience to the authorize call as well and see if it works?

If that does not work, can you take a look at the Logs section in your tenant to see if it has any descriptive error log? Based on that, we can take a further look.

2 Likes

Thanks a lot for your response. I really appreciate that.

Sure, let me verify it by adding the audience in the authorized call and I’ll keep an eye on the logs as well.

Hi @thameera,

Thanks a lot for your help. Setting up the audience properly did the magic. It’s now working as expected. Here’s how I have modified it to work:

Auth0 instance:

const auth0Instance = new auth0.WebAuth({
  domain: process.env.NEXT_PUBLIC_AUTH0_DOMAIN || '',
  clientID: process.env.NEXT_PUBLIC_AUTH0_CLIENTID || '',
  audience: process.env.NEXT_PUBLIC_AUTH0_AUDIENCE || '',
  scope: 'openid profile email',
  responseType: 'token id_token'
})

Auth0 session verification:

auth0Instance.checkSession(
    {
        audience: process.env.NEXT_PUBLIC_AUTH0_AUDIENCE || '',
        scope: 'openid profile email',
        redirectUri: window.location.origin + '/login'
    },
   function(err, response) {}
)

Really appreciate the help.

Thanks,
Hammad Rasheed

2 Likes

Great, thanks for sharing the working solution as well.

1 Like