We want to generate a new session Id when a user physically puts in a user name and password.
We are using the Auth0.js SDK to login. When a user first comes to the site they are prompted with a user name and password. However when a new tab is opened in the bowser the authorize call will login silently in the background with out a user prompt. Is there a way to detect when the login was done with and without user interaction, maybe in the Post Login action or in the callback?
Hi @dgodin,
Welcome to the Auth0 Community!
In a post-login action, you can use event.transaction.prompt === none to determine if the login was a ‘silent auth’.
Hi Dan,
Sadly this doesn’t work. In SSO if the user has already logged in on another tab event.transaction.prompt === none is false even if the user wasn’t prompted for a password. We instead have to call checkSession first and only call authorize if there is no active session as event.transaction.prompt is not reliable.
Can you please share an example of the request to Authorize you are describing? What params are being sent with this request?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.