http://SPA ... auth0-spa-js must run on a secure origin

I have a Single Page App that works as http://localhost:5000 but not as http://appname.com:5000. I get the error “auth0-spa-js must run on a secure origin”.

I have read that http: is not supported, which doesnt seem right to me, but I am guessing I need another workflow. Curently I am:

  1. Loading static html/JS site.
  2. App runs createAuth0Client() ← Failure happens here
  3. User logs in using auth0.loginWithPopup()
  4. User gets a JWT token using auth0.getTokenSilently()
  5. User makes call to registered API using the JWT token

This seems like it should be supported. I dont want to require https for the SPA. Is there a different workflow I should use?

I am closing this. I decided to use NGINX and expose through https.

1 Like

Thanks for letting us know @gary.d.jenkins!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.