How to implement silent auth in c# backend API

Hello,

I’m using on the backend part of my application.

I have 1 application, and 2 apis.

Currently, I connected to the 1st one thanks to HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties), with my 1st api as audience.

After redirection I can retrieve the access and refresh tokens. Then I call /authorize?response_type=code&client_id=[myclientid]&scope=[myscopes]&audience=[my2ndapi]&redirect_uri=[myredirecturi].

It brings me on the login process again, but as I am already logged, thanks cookies, I am directly redirected to my redirect uri.

Instead of the 2nd redirection, I’d like to use silent auth to get a token for the second api, but I don’t understand how to do.

I put “prompt=none”, but I have the “login_required” error.

I guess this is because on the 2nd call, when I do this directly from backend, cookies are not passed. but I also tried with postman (copying cookies) and it still doesn’t work.

I’m on localhost and I changed well every “localhost” url with a custom domain, updating my host file on my computer.

How is this supposed to work ? I can’t even succeed to retrieve the auth0 cookie (I understood it’s this one, yeah ?) on backend side, because the cookie is not sent to my redirect url (others are sent).

Can someone help me ?

Hi @morgane.treuillet,

Welcome to the Auth0 Community!

Silent auth is intended for client-side applications (i.e. SPAs and Native apps). You request new access tokens with a refresh token, example here, or use the approach described in this thread:

https://community.auth0.com/t/regular-web-app-getsilenttoken/93106/3

Thanks but I don’t understand.

If it’s like the /oauth/token endpoint, for which we can ask a new token thanks to refresh token : so what’s the difference with the authorize endpoint with prompt = none ?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.