"Login required" error while trying to get authToken for registered API

sandeep.nair · July 1, 2020, 3:56am

Hello,

I am working on a react application with Auth0 integration. I am trying to access an express-nodejs API from my react app. For this, I have registered my API under the API section in my Auth0 dashboard and assigned a list of scopes. My authentication flow is working fine and I am getting my ID token from getIdTokenClaims ( react-auth0-spa).

I have enabled Allow Skipping User Consent aswell for the API

*But while I try to get my access token for calling the API, I am getting the following error ***
1. error: “login_required”
2. error_description: “Login required”
3.state: ""

Here is how I am trying to get my access token

const token = await getTokenSilently({

        audience: 'localhost:3900/api/customers',

        claim: 'read:customer',

    });

I am getting the same error for the Auth0 management API as well

const token = await getTokenSilently({
audience: ‘https://**.auth0.com/api/v2/’,
claim: ‘read:client_grants’,
});

Could anyone tell me what I am doing wrong here?

thanks in advance!

dan.woda · July 1, 2020, 4:23pm

Hi @sandeep.nair,

This error is often caused by an issue with third party cookies being blocked, causing silent authentication to be blocked.

A few things you can do to debug:

Try this in a different browser (safari often has this issue)
Try an incognito/private window to determine if it is another cookie conflicting with the issue
Do a getTokenSilently() request without your params to ensure this isn’t a problem with your audience/claims

Let us know what you find,
Dan

sandeep.nair · July 1, 2020, 5:33pm

Hello @dan.woda, thank you for the reply!

Here are a few things I tried,

For my own API, I changed the localhost to 127.0.0.1:3900/api/customers

Called getTokenSilently() without params - this is returning an opaque token
Called get TokenSilently() with params from Microsoft edge - I am getting a similar error, instead of login required its consent required.

But one good thing that’s happening is I am able to get the JWT auth token for APIs provided by Auth0. I am not sure what I did differently, but it’s working now.

const token = await getTokenSilently({
audience: ‘**/api/v2/’,
claim: ‘read:client_grants’,
});

So the issue remains for my API alone at the moment.

When I check the Auth0 Dashboard > users; under the user, I am logging with only two Authorised applications are listed
– > https:///userinfo
---->https://api/v2/

Do I need to get my Customers API listed here for authentication to happen? , if yes how do I do it?

Thanks in advance!

dan.woda · July 2, 2020, 5:43pm

This topic covers how to request a token without consent:

sandeep.nair · July 2, 2020, 7:19pm

Dear @dan.woda
As per the thread attached, the user info API should return a token silently without user consent popup. This sounds like a solution as the user provides a consent first time he/she logs into the application.

But the following request is returning an opaque token, what am I doing wrong here?

token = await getTokenSilently({
audience: ‘https://[…].auth0.com/userinfo’,
claim: ‘openid profile email’
});

Thanks in advance!

dan.woda · July 16, 2020, 11:19pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.