Hi, I have integrated auth0 for basic login using social media connections in my localhost React.js SPA, but every time I log in after pressing refresh I get logged out. I have the cookies holding the jwt every time I refresh. So now I have 10+ cookies for some reason (I thought they would clear when I log out. Is this not the case?) but when debugging:
isAuthenticated is always false. I have all the correct application settings on my profile filled out, including “Allowed Web Origins” which is set to http://localhost:3000 (I read that missing this step out would cause this problem).
I also downloaded the test/sample application and the same problem occurs (using the react-01-login download).
I have also read: Test Social Connections with Auth0 Developer Keys
to see if the keys were the problem but nowhere does it say that refreshing would not work. I’m not 100% sure how to create non-test IDs + secrets but I have enabled a few social connections (facebook, twitter, github, microsoft and google).
Does anyone know why this might be? I’m running low on ideas. Thanks!
In the Quickstarts, the new auth0-spa-js SDK does the silent authentication automatically. I suggest you try it out with a database user first (not via social connection). If that works, then it’s obviously the dev keys used for the social connections causing the problem (as it’s the case in the many other threads on this topic in the forum).
IIRC, whether it works with dev keys or not also depends on whether you’re using the Classic Login Page or the New Universal Login Page (ULP).
How to get your own keys for Google, Facebook, etc. is descibed in the docs linked in the settings dialog of each connection:
@mathiasconradt I’m using Universal Login and yes you’re correct. The local account worked! If many people are struggling with this maybe the Quick Start should be more clear? I’ll check out the link to obtain the client ID then. Thanks for the help.
EDIT: Only problem with that is that Google does not allow me to add localhost as the “Authorised domain” so I can’t continue testing. This might be a problem…
EDIT: Only problem with that is that Google does not allow me to add localhost as the “Authorised domain” so I can’t continue testing. This might be a problem…
Where do you set the “Authorized Domain”? Are you referring to “Authorized redirect URIs”?
I have it working locally on localhost, so it does work locally as well. Note that the “Login with Google” is federated, so that federated authorization request goes first back to Auth0 and then to your app.
Which means, you would add this https://YOUR_TENANT.auth0.com/login/callback
in section “Authorized redirect URIs” in the Google developer console (replace with your proper tenant name).
Try with auth0.com as the Authorised domain (remember the Google login is federated via Auth0), and leave the Application Homepage Link empty. That worked for me.