GetAccessTokenSilently useAuth0 hook does not work in incognito mode

We want to save some data to user_metadata field and let other API to read that information from user claim field by looking at the access token.

However the client failed to get the access token when it is incognito with web client or it always fail with safari mobile client.

The error message is Error: Login required. This error is from GetAccessTokenSilently call. I can see there is no session cookie saved for this in private mode. Does that mean this has to have the ability to save cookie for it to work?

Anyway, is there a more reliable way for client to get the access token across mobile and incognito mode?

Part of the logs are here. Most of other information in the log are user specific.

  "type": "fsa",
  "hostname": "myapp.us.auth0.com",
  "audience": "https://myapp.us.auth0.com/api/v2/",
  "scope": [
    "openid",
    "profile",
    "email",
    "read:current_user",
    "update:current_user_metadata",
    "offline_access"
  ],
  "description": "Login required",
    "error": {
      "message": "Login required",
      "oauthError": "login_required",
      "type": "oauth-authorization"
    },

1 Like

I’m having the exact same problem when using auth0-vue. When using react version it works just fine…

I was able to solve the problem changing the ‚ÄúcacheLocation‚ÄĚ to ‚ÄúlocalStorage‚ÄĚ, as in the docs, now everything works on incognito mode.

Remembering there are some risks of using ‚ÄúlocalStorage‚ÄĚ, see the doc as weel.

1 Like

Thanks for the hint. I was using auth0 react version though. The issue only with mobile or incognito mode. It works fine with web.

By setting the cacheLocation, it helped.
But I wonder if we can get the token from /authorize in the react when it redirects back to the app. So we can save the token ourself for later use?

I use getAccessTokenSilently , is this it? Check this: Auth0 React SDK Quickstarts: Call an API

yes I meant if we do not need to call this getAccessSilently? Is there a way to get the token directly after it calls /authorize? We could potentially use the refresh token and access token from that response to get the new token to avoid calling getAccessSilently?

Actually saving to cache does not help, it is still happening.

"error": {
  "message": "Login required",
  "oauthError": "login_required",
  "type": "oauth-authorization"
},

So in mobile or web private mode, we need to login every time? in this case, after I save to localStorage, it does not even let me to proper log in.

I have set the ‚ÄúcacheLocation‚ÄĚ, but the issue persists.