getTokenSilently() is always prompting for credentials

  • Which SDK this is regarding: auth0-spa-js
  • SDK Version: 1.13.1
  • Platform Version: Angular 10.2.1
  • Code Snippets/Error Messages/Supporting Details/Screenshots:

I am unable to get getTokenSilently() to log me in after the access_token expires, without popping up the Auth0 lock screen. I’ve looked around on the internet a bunch, but haven’t seen anyone with the same issue. I can’t find the tutorial anymore, but I used an Auth0 tutorial to hook into the httpInterceptor, and call getTokenSilently(). This works if the access_token isn’t expired yet, but after it expires, it won’t re-authorize without prompting the user.



Some things I have tried:

  • Add “audience” option to getTokenSilently() call, as found in a stackoverflow thread. This didn’t help, and by looking at the source, it seems like it should get the correct audience from the client anyway.
  • Someone had a similar problem with Google connection, and for them they hadn’t created a client id using Google APIs. I have done this, and my google connection has been working fine in all my other apps.
  • “Allow Skipping User Consent” is set to true in my API
  • Another Auth0 article says Allow Skipping User Consent won’t work at all if there is a “localhost” in my Allowed Callback URLs. First off, removing these “localhost” lines didn’t fix the method call. Second, this seems like an unreasonable restriction. How would I be able to do local testing without localhost in this list? I believe I was instructed to do so by a separate tutorial years ago.

I’m kind of at a loss now. I can’t even find any further ways to debug this. Would really appreciate any help.


Hi @mayhew3,

Welcome back!

Can you send me a HAR file of the transaction in a direct message?.

Please include which browsers you have tried, and whether or not you are using rotating refresh tokens (you would have manually set this up if you are).

I am marking this resolved after 14 days of idle time.