Auth0 Home Blog Docs

JS renew token example logs in but doesn't renew


#1

Using https://github.com/auth0-samples/auth0-react-samples/05-Token-Renewal/, I can log in fine and see the profile, but when I click on the “Renew Token” button, I get an error:

“Could not get a new token (login_required: Login required).”

I’m using HS256 ID tokens, if that has anything to do with it.

The last network request is this:

https://{TENANT}.auth0.com/authorize?client_id={CLIENT_ID}&response_type=token%20id_token&redirect_uri=http%3A%2F%2Ffoo.local%3A3000%2Fcallback&scope=openid%20profile&state={STATE}&nonce={NONCE}&response_mode=web_message&prompt=none&auth0Client={AUTH0CLIENT}


#2

Additional info for any Auth0 people lurking:

I tried this with an older tenant, and it worked correctly. So it just doesn’t work with the new tenant we have.

I looked at the advanced tenant settings for the two tenants, and the lists of available settings are different.

The old tenant has three advanced settings that are not available on the new tenant (and all three of these settings are turned on):

  • legacy delegation endpoint
  • legacy oauth/ro endpoint
  • legacy social provider access token endpoint

FWIW, the version of auth0-js being used is 9.4.2.


#3

:wave: @murftone just tried this and I get the Login required message when I am using Google login without the developer keys. This will prevent token renewal from working. Which connection are you suing?


#4

Which connection are you using?

Thanks! Google/social. Aha. I think you might have meant that you tested without the Auth0 developer keys? Your comment led me to read a little about developer keys. I didn’t set up the account, so I didn’t know about this. We’ll set up the non-Auth0 keys, and that should make this problem go away …


#5

No problem! The login_required can happen, so give this a shot and let me know if it works. If you still get the issue, more than happy to work through other possible causes and solutions. There is some further reading if you didn’t come across it already https://auth0.com/docs/connections/social/devkeys#limitations-of-developer-keys

The step-by-step guide for Google specifically is here: step-by-step guide here: https://auth0.com/docs/connections/social/google