In the documentation, I can see that this error is due to: “The user was not logged in at Auth0, so silent authentication is not possible. This error can occur based on the way the tenant-level Log In Session Management settings are configured; specifically, it can occur after the time period set in the Require log in after setting. See Configure Session Lifetime Settings for details.”
What do you mean by “user was not logged in at Auth0”?
Because my user is logged in, I can access all his data in my application (React) using the useAuth0 hook. I try to get an access token silently for another audience right after the user is logged in and receive this error.
Does it have something to do with cookies or localStorage? What is necessary for Auth0 to determine the user as logged in?
PS: I’m using refresh token rotation in my application.
Can you confirm my understanding of your use case? Your user authenticates into your app with audienceA and then once logged in you call getAccessTokenSilently() with audienceB? If I’m misunderstanding, please let me know! As much info/code snippets/screenshots will be helpful as well!
The key with silent auth and the login_required error is that whenever it is returned, the user must be redirected back to the Auth0 login page without the prompt=none parameter to re-authenticate. Please see here for more: Configure Silent Authentication
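The fallback described above, as an added example that is not part of the original thread or Auth0's own code: try the silent call for the extra audience, and only when the error code says interaction is needed start a normal redirect for that audience. It assumes the v2 SDK option shape (`authorizationParams`); `getTokenForAudience`, `needsInteractiveLogin` and `makeStubClient` are hypothetical names, and the stub client is constructed so the logic runs offline.

```javascript
// Error codes for which a prompt=none request cannot succeed and the user
// has to go through the login page (or a consent screen) interactively.
const NEEDS_INTERACTION = new Set([
  'login_required',
  'consent_required',
  'interaction_required',
]);

function needsInteractiveLogin(err) {
  return Boolean(err) && NEEDS_INTERACTION.has(err.error);
}

// `auth0` is any object exposing getAccessTokenSilently / loginWithRedirect,
// for example the value returned by useAuth0() (assumption: v2 option shape).
async function getTokenForAudience(auth0, audience, scope) {
  const authorizationParams = { audience, ...(scope ? { scope } : {}) };
  try {
    const token = await auth0.getAccessTokenSilently({ authorizationParams });
    return { token, redirected: false };
  } catch (err) {
    // Network failures, timeouts and misconfiguration are not fixed by
    // sending the user to log in again, so surface them to the caller.
    if (!needsInteractiveLogin(err)) throw err;
    // Interactive request for the same audience; no prompt=none here.
    await auth0.loginWithRedirect({ authorizationParams });
    return { token: null, redirected: true, reason: err.error };
  }
}

// Constructed stand-in for the SDK client, for offline runs only.
function makeStubClient(errorCode) {
  const redirects = [];
  return {
    redirects,
    async getAccessTokenSilently() {
      if (errorCode) throw Object.assign(new Error(errorCode), { error: errorCode });
      return 'stub-access-token';
    },
    async loginWithRedirect(options) {
      redirects.push(options);
    },
  };
}
```

In a real app the redirect navigates away, so the caller should treat `redirected: true` as "stop and wait for the callback" rather than retrying the silent call in a loop.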
Actually, my scenario is that: User authenticates into my app with no audiences (default /authorize Universal Login Page) and then once logged in I call getAccessTokenSilently() with audienceB. Should this work?
Because I can’t ask for my user to login for every audience… That would make the app unusable!
I’ll take some time to read your documentation. Thank you.
So the user logs in, you call getAccessTokenSilently() with audienceB, and immediately get the “login_required” error? This solution explains what getAccessTokenSilently() does. I wonder if you could try having the user authenticate with an audience and see if this changes anything.
Here are some other articles I found that may prove useful:
The user logs in, I call getAccessTokenSilently() with audienceB, and immediately get the “login_required” error.
I think that’s due to the user logging in in a browser and me calling the function in an Electron app (which you don’t seem to support).
Once the user logs in in the browser, their session is stored there, so I can’t use that in another “browser”, because the handleRedirectCallback() function doesn’t do all the work necessary to set a session.
Do you know any ways to work around this? Any ways to pass the session from the browser to an Electron app (basically another browser)?