Failed Silent Auth - Login required

I don’t know what’s wrong. There are similar issues reported on the forum but none exactly like mine I think.

I have a SPA set up like the example provided by Auth0. For some reason it fails to silently authenticate when I call client.isAuthenticated(). I can successfully log in with redirect (using user/pass the first time, not social login). The second time I get authenticated without the prompt, but as soon as I reload the page I’m not getting automatically logged in again unless I explicitly call the login function. Thus it’s most definitely not expiration either.

The logs are something like this:

1 Like

I don’t have a guess at this point, but do have a question:

What do you see if you click on the “Failed Silent Auth” log entry?
Are there additional details?

John

1 Like

Yes well, there are some details but I don’t know which of that is relevant.

Also I’m wary of publishing here. Which parts can be disclosed publicly?

@john.gateley can I just post an example of a log entry here?

Hey there!

Yes you can do that but make sure to obfuscate any data you consider sensitive.

1 Like

Ok, here it goes. I replaced anything which looks encoded with foo.

{
  "date": "2019-11-05T08:04:28.670Z",
  "type": "fsa",
  "description": "Login required",
  "client_id": "foo",
  "client_name": "Wikibus.org",
  "ip": "185.246.208.177",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "body": {},
    "qs": {
      "client_id": "foo",
      "audience": "https://wikibus.org",
      "scope": "openid profile email",
      "response_type": "code",
      "response_mode": "web_message",
      "state": "foo",
      "nonce": "foo",
      "redirect_uri": "http://localhost:8080",
      "code_challenge": "foo",
      "code_challenge_method": "S256",
      "prompt": "none",
      "auth0Client": "foo"
    },
    "connection": null,
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    }
  },
  "hostname": "wikibus.eu.auth0.com",
  "audience": "https://wikibus.org",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "auth0_client": {
    "name": "auth0-spa-js",
    "version": "1.3.2"
  },
  "log_id": "90020191105080429164000630671573668641387041673665576978",
  "_id": "90020191105080429164000630671573668641387041673665576978",
  "isMobile": false
}
2 Likes

I’m not sure what can be the issue here, but John will for sure look at that once he starts his day!

I don’t have any ideas with the sanitized version.

I would suggest getting the first login and the failed silent auth and comparing them side by side. Look for something that would prevent the silent auth from being associated with the first successful auth.

John

1 Like
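Added example, not part of any post in this thread: replacing every value with foo, as in the redacted entry above, removes the information a side-by-side comparison needs. This JavaScript sketch swaps sensitive values for stable tokens so that equal values stay equal, then lists the fields that differ between two entries; the SENSITIVE list, the function names and the sample entries are assumptions constructed for illustration.

```javascript
// SENSITIVE is an assumed list, based on the fields visible in the logs in this thread.
const SENSITIVE = new Set(['client_id', 'ip', 'user_id', 'user_name', 'session_id',
  'device_id', 'state', 'nonce', 'code_challenge', 'auth0Client', 'log_id', '_id']);

function makeRedactor() {
  const seen = new Map(); // "key\0value" -> token, shared by every entry redacted
  const counters = {};
  const token = (key, value) => {
    const id = `${key}\u0000${value}`;
    if (!seen.has(id)) {
      counters[key] = (counters[key] || 0) + 1;
      seen.set(id, `<${key}#${counters[key]}>`);
    }
    return seen.get(id);
  };
  const walk = (node) => {
    if (Array.isArray(node)) return node.map((item) => walk(item));
    if (node === null || typeof node !== 'object') return node;
    return Object.fromEntries(Object.entries(node).map(([key, v]) =>
      [key, SENSITIVE.has(key) && typeof v === 'string' && v ? token(key, v) : walk(v)]));
  };
  return walk;
}

// Flatten an entry to dotted paths so nested fields can be compared directly.
function flatten(node, prefix = '', out = {}) {
  if (node === null || typeof node !== 'object' || Array.isArray(node)) out[prefix] = JSON.stringify(node);
  else for (const [k, v] of Object.entries(node)) flatten(v, prefix ? `${prefix}.${k}` : k, out);
  return out;
}

// Fields present in both entries whose (redacted) values differ.
function sharedFieldDiffs(a, b) {
  const fa = flatten(a), fb = flatten(b);
  return Object.keys(fa).filter((p) => p in fb && fa[p] !== fb[p])
    .map((p) => ({ field: p, first: fa[p], second: fb[p] }));
}

// Constructed sample entries (trimmed, all values invented).
const login = { type: 's', client_id: 'CLIENT-AAA', client_name: 'App one', ip: '203.0.113.7',
  user_id: 'auth0|user-1', details: { session_id: 'sess-1' } };
const silent = { type: 'fsa', client_id: 'CLIENT-BBB', client_name: 'App two', ip: '203.0.113.7',
  details: { qs: { client_id: 'CLIENT-BBB', prompt: 'none', state: 'st-1' } } };

function demo() { // one redactor for both entries keeps the tokens consistent
  const redact = makeRedactor();
  return sharedFieldDiffs(redact(login), redact(silent));
}
console.log(demo());
```

Both entries must go through the same redactor instance; a fresh instance restarts the numbering and the tokens are no longer comparable.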

Let us know about the results of that comparison once you have a chance tpluscode!

Looks like comparing apples to oranges TBH.

The “Successful Login” entries look like below. I did not redact anything.

{
  "date": "2019-11-08T09:19:40.699Z",
  "type": "s",
  "connection_id": "",
  "client_id": "7mxvtGJY96UxnKqRcH75eMRjrnfd7qg8",
  "client_name": "Local wikibus",
  "ip": "178.43.254.34",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.14.6",
  "details": {
    "prompts": [],
    "completedAt": 1573204780698,
    "elapsedTime": null,
    "session_id": "21_7XSJKM0a8tOvOT00BQVPXmkd-DXwu",
    "device_id": "v0:4f980210-f705-11e9-a817-ab12c2e71a99"
  },
  "hostname": "wikibus.eu.auth0.com",
  "user_id": "auth0|5db2b49773a1570d6f3031a4",
  "user_name": "tomasz@t-code.pl",
  "auth0_client": {
    "name": "auth0-spa-js",
    "version": "1.3.2"
  },
  "log_id": "90020191108091941693000774602511252906001014750508482594",
  "_id": "90020191108091941693000774602511252906001014750508482594",
  "isMobile": false,
  "description": "Successful login"
}

I’m still not seeing anything, sorry.

My best advice now: in a test tenant, create a very simplified version to make sure that you can do silent auth. Do the most basic case just to test that silent auth works.

Then try to move the simplified version to your “real” tenant. If this doesn’t work, it is a tenant setting. If it does work, start migrating more functionality from your real case to the simplified case until you find the piece that breaks it.

John

1 Like

Hi there,

I’m facing exactly the same. Could you find out what is the problem, here?
I also tried the demo application provided by auth0, same result.
Somehow the time in the logs is one hour early so when here it’s 20:00 the log says 19:00 but I don’t think it has anything to do with this.
My Auth0 configuration is just pretty basic, so I have no idea what could be the problem.

Huh, here’s what I discovered today by chance: silent auth fails on Chrome and Safari on my Mac (private mode also) but it succeeds on Firefox and mobile Chrome on Android.

Here’s a comparison between the success using Firefox and a failure on Chrome:

https://www.diffchecker.com/cQxX2RRS

Unfortunately this doesn’t work in my case. I tried your working options without success.
I have another application in which I do exactly the same (except for using scopes and hooks etc.) and everything works fine. So could the problem be that I am defining scopes in my Angular app?

@auth0 team. Do you have any ideas why or in which cases auth0 is returning a ‘login required’ when trying the silent login?
Would appreciate any ideas that could help finding the problem.

1 Like

+1’ing this as I’m having the same issues. Knowing the reasons why silent auth would fail would be really beneficial to debugging on my end.

2 Likes

I am having the same problem as well. Has anyone managed to fix this?

1 Like

@john.gateley - I don’t know if this is helpful, but on the failed silent authentication log entries, the “connection” is listed as N/A.

@auth0 @josh.gateley interesting fact: this problem does not occur in incognito mode (in Chrome) or private mode (in Safari). However, it does happen otherwise.

More detail: I am in testing on a local computer using localhost and developer keys.

Thank you for testing this out @jkh. In the instances where it is occurring, can you try to snag a HAR file capture and see if we can get another layer of understanding of what’s going on? Please be sure to select “Preserve log” to catch redirects, thanks!