How to use Resource Owner Password Grant with a session?

roman.r · April 19, 2024, 12:37pm

Hi!

I would like to implement a login with email/password on my SPA website.
I want a user to fill out the form directly on my website and submit it without redirections and popups.

As I understand I should you “Embedded login”. I checked the docs, it offers me 3 options:

Use Lock
Use Auth0.js
Manullay call Authentication API

As I understand, the only option that fits my needs is the 3d.
i.e. I should call auth API manually (Resource Owner Password Grant).
The only problem is that I don’t understand how to keep a user logged in after the access token expires.
Is there a session involved here so I can request a new access token without asking for user credentials?

ty.frith · April 20, 2024, 12:51am

Hi there @roman.r !

Can you help me understand why you think calling the API directly is your best approach?

When using the Auth0 Authentication API directly, you can manage user sessions by leveraging refresh tokens, which allow your application to maintain authentication without needing the user to re-enter credentials.

roman.r · April 20, 2024, 6:44am

I would like to avoid any redirections and popups on my website. Auth0 Lock has popups and redirects, and Auth0.js has a redirect as well. Only calling API directly (Resource Owner Password Grant) seems to be a perfect solution, because it doesn’t lead to any redirects

ty.frith · April 22, 2024, 10:37pm

Gotcha, thanks for clarifying!

Topic		Replies	Views
API beginner - redirects Archived content auth0 , login	2	3400	July 25, 2019
Logout after Resource Owner Password login Archived content logout , resource-owner-passw	3	5962	March 2, 2018
API Only Authentication Get Help	3	3188	May 12, 2019
SPA+API architecture with PKCE and refresh token Get Help	3	3420	September 9, 2020
How to keep login session when refreshing page in SPA Get Help login	5	8241	April 29, 2021

How to use Resource Owner Password Grant with a session?

Related topics