After posting this, I made an attempt to reproduce this issue. It’s based on a guess that I had for a long time but have never tried, so today I materialized it and it’s proved to be relevant. This is how I was able to reproduce this:
- Set a very short JWT expiry time in custom API settings like this:
- Login
- Wait for 10 seconds and click a protected resource so I’m redirected to the login page, where lock is displayed
- Find all Auth0 cookies in Chrome. In particular, the one related to my SPA
- Delete the 4 cookies by clicking the delete button.
- Go back to the login page and click login with facebook:
- Check the log: yes, I got exactly the same error as I described above
Now that I know it’s something to do with the cookie, could any insiders point me in the right direction as to how to handle this error? Thank you in advance!