New Universal Login — SPA redirects back to login page immediately after successful authentication

Get Help
,
1

Application type: Single Page Application (auth0-spa-js)

Login type: New Universal Login (recently migrated from Classic Universal Login)

Description

We recently migrated our SPA from Classic Universal Login to New Universal Login by setting custom_login_page_on: false and cross_origin_authentication: false. After migration, users are being redirected back to the login page immediately after a successful login instead of being taken to the application.

If the user waits approximately 40 seconds after logging out before attempting to log in again, the login succeeds without any issue. But logging in immediately after a logout causes the session to reset and the user is returned to the login page.

Questions:

  1. What are the known causes for a login loop after migrating from Classic to New Universal Login?

  2. Is there any additional configuration required for auth0-spa-js when switching from cross-origin authentication to the authorization_code + PKCE redirect flow?

  3. Why would a session be terminated within seconds of a successful login, and what should be checked to prevent this?

2

Hi @aravind.ps

Thank you for reaching out to us!

Based on the information provided, please allow me to share some troubleshooting steps and settings to check in order to overcome the issue:

  • check is if handleRedirectCallback is called in order to complete the login flow with PKCE. If this parameter is not captured, the SDK’s state remains unauthenticated (isAuthenticated returns false);
  • it is also recommend to enable Refresh Tokens after transitioning from cross-origin authentication to the redirect-based Authorization Code Flow with PKCE in order to maintain silent sessions;
  • it is possible that the 40 second behaviour issue that you are seeing can be caused by either some clock desynchronization ( between your local machine and the Auth0 Server ) in which case even a difference of a few second can cause delays and unusual login experiences;
  • ensure your logout function explicitly redirects the user to the Auth0 logout endpoint with the correct client_id and returnTo parameters to fully clear the server-side cookie.

Let us know if this helped clear the issue!

Best regards,
Gerald