Max_age with auth0lock v11.3

I am trying to use the max_age property to force reauthentication of the user. I’m unable to get it to work with auth0Lock v11.3 for JavaScript. I’m passing max_age to my lock through the options. I see that the max_age value is getting sent to the authorize endpoint. But it is not working. I have also added the “auth_time” claim value to the ID token like this documentation states: Force Reauthentication in OIDC.

Is this supposed to work with the classic login?

Side note: In the documentation (a lot of your documentation) there are many links that are not even available anymore.

Hi @nikhil.batta,

Yes, it works with the Classic Universal Login Experience on Auth0 Lock v11.3, as well as the current v12.1.0.

You will need to make a login request something like the following:

https://{yourDomain}/authorize?
    response_type=code&
    client_id={yourClientId}&
    redirect_uri={https://yourApp/callback}&
    scope={scope}&
    audience={apiAudience}&
    state={state}&
    max_age=0

Please let us know if you have any additional questions.

Thanks,
Rueben
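
An added example, not part of the original thread and not Auth0's own code: when `max_age` is sent as in the request above, the application can confirm on its side that the `auth_time` claim in the returned ID token is recent enough. The function names, the sample tokens and the 5-second leeway are assumptions, and the token's signature, `iss`, `aud` and `exp` are assumed to have been verified by the app's JWT library beforehand.

```javascript
// Added example: app-side max_age check on an ID token's auth_time claim.
// Assumes signature and standard claims were already verified elsewhere;
// this code only decodes the payload and compares timestamps.

function decodePayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns { ok, reason }. maxAge and leeway are in seconds.
function checkAuthTime(idToken, maxAge, nowSeconds, leeway = 5) {
  const authTime = decodePayload(idToken).auth_time;
  if (!Number.isInteger(authTime)) {
    return { ok: false, reason: 'auth_time claim missing or not a number' };
  }
  if (authTime > nowSeconds + leeway) {
    return { ok: false, reason: 'auth_time is in the future' };
  }
  const age = nowSeconds - authTime;
  if (age > maxAge + leeway) {
    return { ok: false, reason: `last login ${age}s ago exceeds max_age ${maxAge}s` };
  }
  return { ok: true, reason: `last login ${age}s ago` };
}

// Constructed sample tokens (unsigned placeholders, for this demo only).
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.constructed`;
}

const NOW = 1700000000; // fixed clock so the demo is reproducible
const fresh = makeSampleToken({ sub: 'user|1', auth_time: NOW - 10 });
const stale = makeSampleToken({ sub: 'user|1', auth_time: NOW - 120 });
const bare = makeSampleToken({ sub: 'user|1' }); // no auth_time claim

console.log(checkAuthTime(fresh, 30, NOW));
console.log(checkAuthTime(stale, 30, NOW));
console.log(checkAuthTime(bare, 30, NOW));
```

A token that fails this check means the session was not re-authenticated within the requested window, so the app should send the user back through `/authorize` rather than accept it.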

I am using the auth0 lock configuration options to pass the max_age value.

I create the auth0lock options like this

and then pass them to the lock like this

I have verified through the “network” tab that the max_age is being passed as a parameter to the authorize call. I am still having no success in being forced to reauthenticate after 30 seconds.

Maybe I’m doing something wrong?

Hi @nikhil.batta,

Thanks for the update.

Could you please capture your login events in a HAR file and send them to me as a direct message to investigate further?

Thanks,
Rueben
