Thanks for your response, we used that blog post for “inspiration”!
I have tried the same code using Chrome (regular + incognigo) and Firerox (regular + incognito)
I can see this on my Auth0 logs:
| Timestamp | Type | Description | Connection | Application | Occurred | ||
|---|---|---|---|---|---|---|---|
| 2025-06-23T18:50:05.756Z | Success Exchange | Authorization Code for Access Token | N/A | SumentsSPA | 6 minutes ago | ||
| 2025-06-23T18:50:05.583Z | Success Login | Successful login | N/A | SumentsSPA | 6 minutes ago | ||
| 2025-06-23T18:50:05.019Z | Success Exchange | Authorization Code for Access Token | N/A | SumentsSPA | 6 minutes ago | ||
| 2025-06-23T18:50:04.803Z | Success Silent Auth | Successful silent authentication | N/A | SumentsSPA | 6 minutes ago | ||
| 2025-06-23T18:49:53.169Z | Actions Execution Failed | Execution of an Action failed | Username-Password-Authentication | SumentsSPA | 6 minutes ago | ||
| 2025-06-23T18:49:52.175Z | Failed Login | The client_secret or client_assertion field is required, or it should be mTLS request. | N/A | SumentsSPA | 6 minutes ago | ||
What is funny, is that is the same code with the same configuration being executed…
I noted also that it started to fail after I tried to “sign in” using the popup… what makes me think there is some sort of information stored somewhere, then it is picked up by the popup and sent as I can see from the failed records…
I have tried to set
cacheLocation: 'localstorage', // Use memory instead of localstorage to avoid cache issues
to both values and removed all application data from the developer tools and I have also disabled the use of getTokenSilently…
Any ideas?