We have an application that uses the current version of Auth0.js (9.8.2) checkSession method to silently renew active user’s tokens. These users are 100% “enterprise” users and none are social connections.
Occasionally, a single user will receive several successive failures with “login_required” responses after they recently logged in. This leads me to believe the issue is not configuration.
My understanding is that this error can only be generated either by a missing cookie, or an expired cookie.
My questions are:
- are missing / expired cookies exclusively the only way this
login_requirederror is thrown for enterprise connections , or are there other ways it can occur?
- What is the suggested best practice response in this scenario? should the user be logged out?