Refresh token - Allow silent authentication

I have a Auth0 Application that uses refresh tokens + cache in local storage to be able to work around browsers block third party data. The problem is that when the token expires Auth0 sends to user to login and then back to the “home” page of the app.

What I am expecting is Auth0 to authenticate the user behind the scenes without any redirects. Is this possible?

    <Auth0Provider
      clientId={auth0Config.clientId}
      domain={auth0Config.domain}
      redirectUri={window.location.origin}
      onRedirectCallback={onRedirectCallback}
      useRefreshTokens
      cacheLocation='localstorage'
      {...(organizationAuth0Id ? { organization: organizationAuth0Id } : {})}
    >
      <AuthProviderLegacy organizationSubdomain={organizationSubdomain}>
        {children}
      </AuthProviderLegacy>
    </Auth0Provider>

Also note. There is no “Allow Offline Access” for SPA apps. Refresh Tokens.

I see that when useRefreshTokens is set. It ask the users for permissions to “Allow Offline Access”. Which makes me assume that using refresh tokens automatically sets “Allow Offline Access”.

Hi @adrian_gd

Using refresh tokens in your SPA should allow the app to request new tokens without prompting the user to log in.

Are you successfully returned a refresh token when the user logs in? You should be able to inspect the app and see a refresh token returned from the request to the /token endpoint.

Are you seeing any errors in your Auth0 logs?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.