Failed Silent Auth - with missing cookies

Am not sure I understand exactly the right sequence of events, but any suggestion on where to look next would be appreciated. Using the Angular quickstart auth service example. Basic sequence is:

I log in - success. I see the cookie very briefly in dev tools and then it disappears.
Refresh or start over - failed silent auth - no idea why, there is just the isauthenticated cookie stored.

here is a screen shot of the cookies after successful authentication (processing stopped with alert as callback has just happened and my appComponent is reinitializing)

now the redirect back to my base URL is done and you can see there is just the one cookie

so I refresh and I get the failed silent auth in the auth0 log (removed some fields with xxx but they were all filled with the generated strings)

{
  "date": "2019-11-30T20:07:51.430Z",
  "type": "fsa",
  "description": "Login required",
  "client_id": "xxx",
  "client_name": "NeeduumWebClient",
  "ip": "162.157.178.64",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.13.6",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xxx",
      "redirect_uri": "http://localhost:4200",
      "scope": "openid profile email",
      "response_type": "code",
      "response_mode": "web_message",
      "state": "xxx",
      "nonce": "xxx",
      "code_challenge": "xxx",
      "code_challenge_method": "S256",
      "prompt": "none",
      "auth0Client": "xxx"
    },
    "connection": null,
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    }
  },
  "hostname": "needuum.auth0.com",
  "audience": "https://needuum.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "auth0_client": {
    "name": "auth0-spa-js",
    "version": "1.6.0"
  },
  "log_id": "90020191130200756132000265058062004146476314584332370002",
  "_id": "90020191130200756132000265058062004146476314584332370002",
  "isMobile": false
}

this is similar to the failures others are reporting but I get this in regular chrome or incognito mode, also same in firefox.

I also get 7 warnings about auth0 cookies that have the same_site issue to be resolved before 2020, but they are not blocked, and yet none of them show up in my cookie storage ???

I really do not know whether I even understand the sequence of events correctly and how could the data be present in the failed silent auth json body if there is no cookie for the service to get it from to submit ?

where exactly in the service does the silent auth request get generated anyway?

So today I realized that when I log in with an auth0 DB connection user everything works as expected
and the silent auth works on refresh and works when I return to the browser from a fresh start.
The silent auth failures only occur when doing social media logins.
I still see just the isauthenticated cookie in dev tools though

unfortunately, although I see nothing but successes in the log when doing a manual refresh or upon startup when I am already logged in, in both cases when getUser$ completes my user from the tap is undefined

on normal login the user from the tap is correct
so still not operating as expected

replying to myself here every day while I make tiny bits of progress
so this link Cookie Pollution Issue #217
was the best explanation of what is supposed to be happening and apparently the cookies are supposed to be deleted when everything is working properly, so now I know that much anyway
then compared the working-for-refresh 01-login repo example line by line and now have my implementation working for refresh for AUTH0 users,
still does NOT work (01-login) on refresh for facebook or google users - separate post for this I guess
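
An added example, not part of the original posts and not Auth0's code: the `fsa` log entry above records a `prompt=none` request with `response_mode=web_message`, which auth0-spa-js issues from a hidden iframe to the tenant domain, so the SameSite warnings mentioned in the thread bear on whether a cookie can accompany that request. The sketch models that decision under legacy handling (warnings only) and under SameSite-by-default enforcement; the cookie names and values are constructed.

```javascript
// Constructed Set-Cookie headers; names and values are placeholders, not Auth0's.
const SAMPLE_SET_COOKIE = [
  'sess_a=v1; Path=/; HttpOnly; Secure; SameSite=None',
  'sess_b=v1; Path=/; HttpOnly; Secure',               // no SameSite attribute
  'sess_c=v1; Path=/; HttpOnly; SameSite=None',        // None but not Secure
  'sess_d=v1; Path=/; HttpOnly; Secure; SameSite=Lax',
];

// Parse one Set-Cookie header into the attributes that matter for this check.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    // Unrecognised SameSite values are treated as if the attribute were absent.
    if (key === 'samesite' && ['strict', 'lax', 'none'].includes(value)) cookie.sameSite = value;
    if (key === 'secure') cookie.secure = true;
  }
  return cookie;
}

// Would the browser attach this cookie to a request made from a cross-site iframe?
// defaultLax=false: legacy handling, a missing SameSite behaves like None.
// defaultLax=true: a missing SameSite is treated as Lax and None requires Secure.
function sentInCrossSiteIframe(cookie, defaultLax) {
  const mode = cookie.sameSite || (defaultLax ? 'lax' : 'none');
  if (mode !== 'none') {
    return { sent: false, reason: `SameSite=${mode} is withheld from cross-site iframes` };
  }
  if (defaultLax && !cookie.secure) {
    return { sent: false, reason: 'SameSite=None without Secure is rejected' };
  }
  return { sent: true, reason: 'allowed in a cross-site context' };
}

function audit(headers, defaultLax) {
  return headers
    .map(parseSetCookie)
    .map((c) => ({ name: c.name, ...sentInCrossSiteIframe(c, defaultLax) }));
}

for (const defaultLax of [false, true]) {
  console.log(defaultLax ? 'SameSite-by-default enforced:' : 'Legacy handling:');
  for (const r of audit(SAMPLE_SET_COOKIE, defaultLax)) {
    console.log(`  ${r.name}: ${r.sent ? 'sent' : 'NOT sent'} (${r.reason})`);
  }
}
```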