Re authentication auth_time does't exist

aly.sabry · July 5, 2021, 1:29pm

Hi auth0,

I am using GitHub - auth0/auth0-spa-js: Auth0 authentication for Single Page Applications (SPA) with PKCE loginWithRedirect function and passing in a max_age:0 parameter to re-Authenticate a user as mentioned here https://auth0.com/docs/login/max-age-reauthentication#limitations-of-prompt-login-parameters

problem: The id Token i get back using getIdTokenClaims() doesn’t include an auth_time field that shows the last authentication. I have also tries including prompt=“login”

Thanks

thameera · July 9, 2021, 6:52am

Hey @aly.sabry , I just checked this with the latest spa-js SDK and getIdTokenClaims() returned auth_time, so I’m guessing there’s something going wrong in your setup.

Some things to check:

Open the Network tab in browser’s dev tools before starting the authentication. Now try to login and you will see an /authorize request in the list. Click on that and verify that max_age=0 is being passed as a query parameter there.
Get the raw ID token and paste it in https://jwt.io. Check if the parameter is present in the body.

Here’s the code I used btw:

await auth0.loginWithRedirect({ max_age: 0 })

system · July 24, 2021, 6:52am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Authentication time Help login-experience	4	1315	July 17, 2023
Auth0 SPA Session TTL Part 2 JWT.io lock , auth0	3	977	August 10, 2023
Missing auth_time claim on ID token after update password before continue Action Knowledge Articles	1	1193	May 23, 2023
Auth0 SPA Session TTL JWT.io jwt , access-token	3	1562	March 13, 2023
Timeouts and Refresh Tokens Help	4	3982	July 24, 2021

Re authentication auth_time does't exist

Related Topics