I am not sure I understand exactly the right sequence of events, but any suggestion on where to look next would be appreciated. I am using the Angular quickstart auth service example. The basic sequence is:
I log in - success. I see the cookie very briefly in dev tools and then it disappears.
Refresh or start over - failed silent auth. No idea why; there is just the isauthenticated cookie stored.
Here is a screenshot of the cookies after successful authentication (processing stopped with an alert, as the callback has just happened and my appComponent is reinitializing).
Now the redirect back to my base URL is done, and you can see there is just the one cookie.
So I refresh and I get the failed silent auth in the Auth0 log (I removed some fields with xxx, but they were all filled with the generated strings):
```json
{
  "date": "2019-11-30T20:07:51.430Z",
  "type": "fsa",
  "description": "Login required",
  "client_id": "xxx",
  "client_name": "NeeduumWebClient",
  "ip": "162.157.178.64",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.13.6",
  "details": {
    "body": {},
    "qs": {
      "client_id": "xxx",
      "redirect_uri": "http://localhost:4200",
      "scope": "openid profile email",
      "response_type": "code",
      "response_mode": "web_message",
      "state": "xxx",
      "nonce": "xxx",
      "code_challenge": "xxx",
      "code_challenge_method": "S256",
      "prompt": "none",
      "auth0Client": "xxx"
    },
    "connection": null,
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    }
  },
  "hostname": "needuum.auth0.com",
  "audience": "https://needuum.auth0.com/userinfo",
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "auth0_client": {
    "name": "auth0-spa-js",
    "version": "1.6.0"
  },
  "log_id": "90020191130200756132000265058062004146476314584332370002",
  "_id": "90020191130200756132000265058062004146476314584332370002",
  "isMobile": false
}
```
This is similar to the failures others are reporting, but I get this in regular Chrome or incognito mode, and the same in Firefox.
I also get 7 warnings about Auth0 cookies that have the same_site issue to be resolved before 2020, but they are not blocked, and yet none of them show up in my cookie storage?
I really do not know whether I even understand the sequence of events correctly, and how could the data be present in the failed silent auth JSON body if there is no cookie for the service to get it from to submit?
Where exactly in the service does the silent auth request get generated anyway?
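
An added example (not part of the original post and not auth0-spa-js source) that builds an `/authorize` request with the same query-string fields as the `qs` object in the log above, following the OAuth 2.0 authorization code flow with PKCE (RFC 7636) and OIDC `prompt=none`. The function names and the flat shape of the response message are assumptions made for illustration.

```javascript
// Added example, not auth0-spa-js source. Function names are illustrative.
const nodeCrypto = require('crypto');

// base64url without padding, the encoding RFC 7636 (PKCE) uses.
function b64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
function pkceChallenge(codeVerifier) {
  return b64url(nodeCrypto.createHash('sha256').update(codeVerifier, 'ascii').digest());
}

// Build the hidden-iframe /authorize request. state, nonce and the PKCE
// verifier are generated fresh in the client on every call; none of them is
// read from a cookie, so the logged "qs" is populated even with no session.
function buildSilentAuthRequest({ domain, clientId, redirectUri, scope }) {
  const state = b64url(nodeCrypto.randomBytes(32));
  const nonce = b64url(nodeCrypto.randomBytes(32));
  const codeVerifier = b64url(nodeCrypto.randomBytes(32));
  const qs = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    response_type: 'code', response_mode: 'web_message',
    state, nonce,
    code_challenge: pkceChallenge(codeVerifier),
    code_challenge_method: 'S256',
    prompt: 'none',
  });
  return { url: `https://${domain}/authorize?${qs}`, state, nonce, codeVerifier };
}

// Classify the message the iframe posts back (assumed flat shape). With
// prompt=none the server may not show UI, so "this browser has no session
// with the authorization server" is reported as login_required.
function interpretSilentAuthResponse(msg, expectedState) {
  if (msg.state !== expectedState) return 'reject: state mismatch';
  if (msg.error === 'login_required') return 'interactive login needed';
  if (msg.error) return `error: ${msg.error}`;
  return msg.code ? 'exchange code with code_verifier' : 'reject: no code';
}

// Sample values taken from the log above (client_id is redacted there).
const sample = buildSilentAuthRequest({
  domain: 'needuum.auth0.com', clientId: 'xxx',
  redirectUri: 'http://localhost:4200', scope: 'openid profile email',
});
console.log(sample.url);
```

The only input to the server's decision that is not in this URL is whatever session cookie the browser holds for the authorization server's own domain, which is a different origin from `localhost:4200`.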