Hi @maxhov,
Welcome to the Community!
When you call getAccessTokenSilently, the SDK will retrieve a cached token or perform silent authentication to retrieve a new Access Token. When you include the audience parameter, silent authentication will always take place.
The login_required error often occurs when the browser blocks third-party cookies during silent authentication.
There are a few ways around this:
- If you only need to interact with one API, then you can include an audience in your app’s
AuthModule.forRootsettings and remove theaudiencefrom thegetAccessTokenSilentlycall. You can also configure your app to use Refresh Token Rotation:
AuthModule.forRoot({
domain: env.auth.domain,
clientId: env.auth.clientId,
redirectUri: window.location.origin,
audience: env.auth.audience,
useRefreshTokens: true,
cacheLocation: 'localstorage',
scope: 'offline_access',
httpInterceptor: {
...env.httpInterceptor,
},
}),
- If you need to interact with two APIs, and you control both APIs (the API that your app initiates within its
AuthModule.forRootsettings and the one which you callgetAccessTokenSilentlyfor), then you may consider representing multiple APIs in a single logical API so that you only need to include the audience in theAuthModule.forRootsettings and not in thegetAccessTokenSilentlycall:
- Use a Custom Domain so that the silent authentication will not be blocked: Custom Domains
FAQ: Why is authentication lost after refreshing my single page application?
Related topic: SPA client authentication against multiple APIs - #2 by jmangelo