GetAccessTokenSilently useAuth0 hook does not work in incognito mode

fzhang0723 · December 28, 2022, 3:53pm

We want to save some data to user_metadata field and let other API to read that information from user claim field by looking at the access token.

However the client failed to get the access token when it is incognito with web client or it always fail with safari mobile client.

The error message is Error: Login required. This error is from GetAccessTokenSilently call. I can see there is no session cookie saved for this in private mode. Does that mean this has to have the ability to save cookie for it to work?

Anyway, is there a more reliable way for client to get the access token across mobile and incognito mode?

Part of the logs are here. Most of other information in the log are user specific.

  "type": "fsa",
  "hostname": "myapp.us.auth0.com",
  "audience": "https://myapp.us.auth0.com/api/v2/",
  "scope": [
    "openid",
    "profile",
    "email",
    "read:current_user",
    "update:current_user_metadata",
    "offline_access"
  ],
  "description": "Login required",
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    },

renatolsromao · January 5, 2023, 7:15pm

I’m having the exact same problem when using auth0-vue. When using react version it works just fine…

renatolsromao · January 5, 2023, 7:50pm

I was able to solve the problem changing the “cacheLocation” to “localStorage”, as in the docs, now everything works on incognito mode.

Remembering there are some risks of using “localStorage”, see the doc as weel.

fzhang0723 · January 5, 2023, 9:57pm

Thanks for the hint. I was using auth0 react version though. The issue only with mobile or incognito mode. It works fine with web.

fzhang0723 · January 5, 2023, 11:09pm

By setting the cacheLocation, it helped.
But I wonder if we can get the token from /authorize in the react when it redirects back to the app. So we can save the token ourself for later use?

renatolsromao · January 6, 2023, 5:14pm

I use getAccessTokenSilently , is this it? Check this: Auth0 React SDK Quickstarts: Call an API

fzhang0723 · January 6, 2023, 6:01pm

yes I meant if we do not need to call this getAccessSilently? Is there a way to get the token directly after it calls /authorize? We could potentially use the refresh token and access token from that response to get the new token to avoid calling getAccessSilently?

fzhang0723 · January 19, 2023, 9:30pm

Actually saving to cache does not help, it is still happening.

"error": {
  "message": "Login required",
  "oauthError": "login_required",
  "type": "oauth-authorization"
},

fzhang0723 · January 19, 2023, 9:31pm

So in mobile or web private mode, we need to login every time? in this case, after I save to localStorage, it does not even let me to proper log in.

sheriff-rango · September 28, 2023, 12:11pm

I have set the “cacheLocation”, but the issue persists.

konrad.sopala · January 8, 2024, 10:58am

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!