The check session function on the auth0 client library is not passing any parameters and even the authorize endpoint on the network call is not sharing any userdetails of the logged in user. Hence how the user identity being shared while getting a new token for the logged in user.
Silent Authentication uses the session cookie to determine the user’s identity. SSO sessions are managed by Auth0 setting a cookie on your Auth0 domain. This cookie is sent in the /authorize request’s header.
You can read more about SSO sessions and silent authentication here:
Thanks Ricardo, so does it behave the same if we are using lock plugin in the UI. Or is it required to use hosted page for this.