Hi @maxhov,
Welcome to the Community!
When you call `getAccessTokenSilently`, the SDK will retrieve a cached token or perform silent authentication to retrieve a new Access Token. When you include the `audience` parameter, silent authentication will always take place.
The `login_required` error often occurs when the browser blocks third-party cookies during silent authentication.
There are a few ways around this:
- If you only need to interact with one API, then you can include an audience in your app’s `AuthModule.forRoot` settings and remove the `audience` from the `getAccessTokenSilently` call. You can also configure your app to use Refresh Token Rotation:
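  ```typescript
  AuthModule.forRoot({
    domain: env.auth.domain,
    clientId: env.auth.clientId,
    redirectUri: window.location.origin,
    // Audience set once here, so getAccessTokenSilently needs no audience argument
    audience: env.auth.audience,
    // Renew tokens with rotating refresh tokens instead of the hidden-iframe flow
    useRefreshTokens: true,
    // Keep tokens in localStorage so they survive a page refresh
    cacheLocation: 'localstorage',
    scope: 'offline_access',
    httpInterceptor: {
      ...env.httpInterceptor,
    },
  }),
  ```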
- If you need to interact with two APIs, and you control both APIs (the API that your app initiates within its `AuthModule.forRoot` settings and the one which you call `getAccessTokenSilently` for), then you may consider representing multiple APIs in a single logical API so that you only need to include the audience in the `AuthModule.forRoot` settings and not in the `getAccessTokenSilently` call:
- Use a Custom Domain so that the silent authentication will not be blocked: Custom Domains
FAQ: Why is authentication lost after refreshing my single page application?
Related topic: SPA client authentication against multiple APIs - #2 by jmangelo
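
Added example (not part of the original reply and not Auth0's own code): one way to handle the `login_required` case described above is to treat it, along with the other standard OIDC "user interaction needed" error codes, as a signal to start an interactive login, while letting every other failure propagate. `TokenClient` is a hypothetical promise-based stand-in for the SDK client, `getTokenOrLogin` and `stubClient` are illustrative names, and the stub's token and errors are constructed.

```typescript
// Hypothetical stand-in for the SDK client; only the two calls used here.
interface TokenClient {
  getAccessTokenSilently(opts?: { audience?: string }): Promise<string>;
  loginWithRedirect(opts?: { audience?: string }): Promise<void>;
}

// OIDC error codes meaning the request cannot complete without user interaction.
const INTERACTION_CODES = ['login_required', 'consent_required', 'interaction_required'];

type TokenResult =
  | { kind: 'token'; token: string }
  | { kind: 'redirected'; reason: string };

async function getTokenOrLogin(client: TokenClient, audience?: string): Promise<TokenResult> {
  const opts = audience ? { audience } : undefined;
  try {
    return { kind: 'token', token: await client.getAccessTokenSilently(opts) };
  } catch (e) {
    // Assumption: the thrown error carries the OAuth error code in `.error`.
    const code = (e as { error?: string } | null)?.error;
    if (code !== undefined && INTERACTION_CODES.indexOf(code) !== -1) {
      // Silent authentication was refused (e.g. the session cookie was blocked):
      // fall back to a top-level redirect, which does not rely on third-party cookies.
      await client.loginWithRedirect(opts);
      return { kind: 'redirected', reason: code };
    }
    // Timeouts, network faults and misconfiguration are rethrown so they
    // surface as errors instead of sending the user to the login page.
    throw e;
  }
}

// Constructed stub so the handler can be exercised offline.
function stubClient(failWith?: string) {
  const calls = { redirects: 0 };
  const client: TokenClient = {
    getAccessTokenSilently: async () => {
      if (failWith) throw Object.assign(new Error(failWith), { error: failWith });
      return 'constructed-token';
    },
    loginWithRedirect: async () => { calls.redirects += 1; },
  };
  return { client, calls };
}
```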