Re authentication auth_time doesn't exist

Hi auth0,

I am using the auth0/auth0-spa-js (Auth0 authentication for Single Page Applications (SPA) with PKCE) loginWithRedirect function and passing in a max_age:0 parameter to re-authenticate a user, as mentioned in "Force Reauthentication in OIDC".

Problem: The ID token I get back using getIdTokenClaims() doesn’t include an auth_time field that shows the last authentication. I have also tried including prompt="login".

Thanks

Hey @aly.sabry, I just checked this with the latest spa-js SDK and getIdTokenClaims() returned auth_time, so I’m guessing there’s something going wrong in your setup.

Some things to check:

  1. Open the Network tab in the browser’s dev tools before starting the authentication. Now try to log in and you will see an /authorize request in the list. Click on that and verify that max_age=0 is being passed as a query parameter there.
  2. Get the raw ID token and paste it in https://jwt.io. Check if the parameter is present in the body.

Here’s the code I used btw:

await auth0.loginWithRedirect({ max_age: 0 })
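The claim check from step 2, done locally instead of pasting the token into a website. This is an added example, not code from the thread or from the SDK: it decodes the ID token payload and confirms that auth_time is present and recent enough for the max_age that was requested (OpenID Connect requires auth_time in the ID token when max_age is sent). The function names, the 60-second leeway and the sample tokens are assumptions made for the example, and it only decodes the token, it does not verify the signature.

```javascript
// Added example: decode an ID token payload and check auth_time against max_age.
// Decoding only; signature verification is left to the SDK.

function decodeJwtPayload(rawIdToken) {
  const parts = rawIdToken.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // base64url -> base64, restoring the padding that JWTs strip
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// claims: decoded payload (or the object returned by getIdTokenClaims()).
// maxAgeSeconds: the max_age value sent on /authorize. Times are Unix seconds.
function checkAuthTime(claims, maxAgeSeconds, nowSeconds, leewaySeconds = 60) {
  if (typeof claims.auth_time !== 'number') {
    return { ok: false, reason: 'auth_time missing' };
  }
  const age = nowSeconds - claims.auth_time;
  if (age > maxAgeSeconds + leewaySeconds) {
    return { ok: false, reason: 'authentication too old', age };
  }
  return { ok: true, age };
}

// Builds an unsigned, constructed token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const NOW = 1700000000; // constructed "current time"
const SAMPLE_TOKENS = {
  fresh: makeSampleToken({ sub: 'user|constructed', auth_time: NOW - 5 }),
  stale: makeSampleToken({ sub: 'user|constructed', auth_time: NOW - 3600 }),
  missing: makeSampleToken({ sub: 'user|constructed' }),
};

function runSamples() {
  const out = {};
  for (const [name, token] of Object.entries(SAMPLE_TOKENS)) {
    out[name] = checkAuthTime(decodeJwtPayload(token), 0, NOW);
  }
  return out;
}
```

In the app, pass the object returned by `getIdTokenClaims()` straight to `checkAuthTime`, with `Math.floor(Date.now() / 1000)` as the current time.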
