Getting 'Login Required' when attempting silent auth after successful authentication with magic link

Hi community,

I am having an issue where after clicking the auth0 passwordless link via email, and upon successful authentication with auth0 (verified through auth0 logs that there is a “Successful login” event for this), when I get redirected back to my app, it does not successfully silent authenticate with auth0, but returns a ‘Login required’ error instead.

I see that the once I get redirected back to where I originally triggered the passwordless link experience, the redirect URL has included in it the following properties after the “#” tag: Notice access_token , scope , expires_in, token_type

https://some-url-here#access_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjFBSzBqXzRBcjVuMVBxTXFESW1teCJ9.eyJodHRwczovL3N0YWdpbmcucG9saWN5Z2VuaXVzLmNsb3VkL3V1aWQiOiIwOTFhY2EwZi0zMDFiLTQyMzgtODU3OC01YWM0YTA5M2FmZjUiLCJpc3MiOiJodHRwczovL3BvbGljeWdlbml1cy1zdGFnaW5nLnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJlbWFpbHw2MmQ3MTlhNWI0MjMwNjgxYjNhNzhkYzkiLCJhdWQiOlsiaHR0cHM4F49wb2xpY3lnZW5pdXMtc3RhZ2luZy51cy5hdXRoMC5jb20vYXBpL3YyLdadfEfHBzOi8vcG9saWN5Z2VuaXVzLXN0YWdpbmcudXMuYXV0aDAuY29tL3VzZXJpbmZvIl0sImlhdCI6MTY2ODU0ODE2OCwiZXhwIjoxNjY4NTU1MzY4LCJhenAiOiJ1a3RVb0RDRUwxOWZhVGxPQmxEdUJmRHlVNGwyaFdHWCIsInNjb3BlIjoib3BlbmlkIn0.l5HPZtI9oiAOJpms7BMVYvlb-Ie-2c_N8uN5gjm91jepJ0GZD_X0kNalBU6j-xyBwx4_exEbNMQea9htMyyPI9ZOr6sqCE17CDXO_PYy9TryxSgxPLmIr3Tl0QMGCFGjGdULqRTFlXUswnaxm8LAbuh6lBHhEnXA1MwrzZ1WCgIYe3Ia_-VjO_2d7YSS286f_aQubksqlMds6M6J9xgzT-VuPm0qmVIQPhF12S-aJ-iENMS4oO-RZ11jqNH0raqI00MY8LGm-EMGDdbzNqGDlI3qfawNTQFDodoFVhvvZZhwhilzug6zefRED-rWq4VUI-bqYWnvmVR-Q&scope=openid&expires_in=7200&token_type=Bearer

This failure can be verified by the Auth0 logs that show “Failed Silent Auth”, which means this user is not authenticated with auth0.

So my question is, should we be doing something with that access_token that returns in the URL from Auth0 in our SPAs so that it authenticates the user upon returning to our flow? It seems like yes, but wondering what the Auth0 recommended way to handle this is?

Thank you!