We have a SPA where the user goes to Auth0 hosted login page, enters email/password and on successful authentication he gets redirected to the SPA back.
The SPA checks for token and it’s validity along with session on Auth0 (using WebAuth.checkSession() method in Auth0 client library). This flow is working fine.
Now we want to authenticate the user from backend and get access-token using password grant and redirect him to the SPA - with access_token/id_token and other parameters.
The access_token validation passes here but the checkSession() fails.
Is there any way to set the user session on Auth0 manually??
Hey there @SunnySharma, can you check to make sure that you are not passing a empty object to checkSession() ? When you get a chance can you snag a HAR file of the entire initial login and the call the checkSession and DM it over to me so I can take deeper look at what’s going on? Thanks in advance!
I spent some time working with our support team @SunnySharma and reviewing your HAR file capture. We were able to conclude due to the fact CheckSession() method calls /authorize endpoint to get a new token by passing prompt:none and you are using resource owner password grant to get a token from your backend, there would be no session for the browser flow which would result in checkSession() failing.
Also there is no way to establish a session in the authorization server manually. It requires a user to authenticate successfully to generate the session.Thank you.
Thank you so much @James.Morrison for looking into it. I had a call with the technical team as well and @jamie.hughes confirmed the same. There’s no way to add a session manually.
I’ll have to figure another way to go. I appreciate the time you both spent looking into it. Thanks!