I’m implementing silent authentication in my application using Auth0, but I’m running into an issue where the token isn’t refreshing as expected. The user remains authenticated, but after the access token expires, the silent authentication request sometimes fails, forcing a full login.
I’ve confirmed that the session is still active, and I’m using checkSession() properly. It works most of the time, but occasionally, I get a login_required error. Could this be related to third-party cookie policies or something else?
I believe what you might be missing is taking advantage of Refresh Token Rotation, which uses the getTokenSilently() method in order to exchange an Access token with a Refresh Token, if the user needs to continue their session without re-logging in. As long a this is called while the Access token is still valid, the token rotation will take place and a new login will not be needed from the user.