Hi there!
Sorry, I was following this thread and hoping to get more insight on how this works but unfortunately I’m even more confused now.
I basically have the same problem as @ronifintech. I have an SPA with no additional backend server and want to keep my users logged in. I’m still not sure how this would ever be possible with storing at least something either in local storage, session storage or cookies. Since you suggest that local storage is not an option, I was following the (multiple) guides throughout the Auth0 platform and other forums.
So what do I have so far:
- Refresh Token Rotation seems to be the weapon of choice. I’ve set this up in my Auth0 account and implemented the Auth0 SDK in my project.
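```jsx
import React from 'react';
import ReactDOM from 'react-dom';
import { Auth0Provider } from '@auth0/auth0-react';
import App from './App'; // assumed location of the root component

// Assumed: Create React App exposes REACT_APP_* variables on process.env
const { REACT_APP_AUTH0_DOMAIN, REACT_APP_AUTH0_CLIENT_ID } = process.env;

ReactDOM.render(
  <React.StrictMode>
    <Auth0Provider
      domain={ `${REACT_APP_AUTH0_DOMAIN}` }
      clientId={ `${REACT_APP_AUTH0_CLIENT_ID}` }
      redirectUri={ window.location.origin }
      useRefreshTokens={ true }  // use refresh tokens (rotation enabled in the Auth0 account)
      cacheLocation="memory"     // tokens are kept in memory only, not in browser storage
    >
      <App />
    </Auth0Provider>
  </React.StrictMode>,
  document.getElementById('root')
);
```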
I redirect my user to the Auth0 login page for signing up or logging in. Then the login page redirects back to my SPA - so far so good. On a refresh of the page the login is lost unless I set `cacheLocation` to `localStorage` which puts basically all my tokens and IDs into the local storage (access key, client ID, …).
- I now read further and found that I have to do a silent authentication? Is that right? Is that additional to the token rotation or is that a different thing?
Sorry about my probably really stupid questions but I’m super stuck and I wanna try to figure this out. Could you give me an example of what you did or of what I have to do?
Thanks!