Persisting login on refresh with refresh token rotation

Hermit · January 27, 2021, 7:41pm

Hi, i’m new to auth0. so i have this issue with persisting login on my react app. i’m having this issue for a week, and i’m using auth0-react library.

So the problem is auth0 is never persisting my login even if i try to run on auth0 React-sample app and connect it with my own auth0 dashboard. the only way i found to persist my login is to save it on localstorage by adding cacheLocation="localstorage" props on my Auth0Provider component, i know about the exposure to XSS attack, and i don’t actually want to apply this way. am i missing something? can someone enlighten me?

stephanie.chamblee · January 27, 2021, 8:02pm

Hi @Hermit,

You may find these topics helpful:

This behavior is caused by the browser blocking third-party cookies during silent authentication. Items stored in memory are lost on page refresh, including the Access Token and Refresh Token stored there. When this happens, the SDK will use silent authentication with an iframe and pass third-party cookies. However, as you have observed, third-party cookies are blocked by many browsers. You can use Auth0’s Custom Domain functionality to avoid this issue without using local storage.

Hermit · January 27, 2021, 8:18pm

firstly, thank you for replying.
now i get it. i’m gonna look into these discussion, so in summary with custom domain i can bypass this third-party cookies issue then. okay i’m also gonna look to this custom domain, thanks again.

system · February 11, 2021, 8:17pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.