Hi all,
We have been using the custom login pages through Auth0 for a while now; however, lately, the token renewal has started failing.
What we did uncover is that most likely our Content-Security-Policy was not set correctly.
After fixing it, so there are no errors or even warnings, we are now getting a different error:

    Timeout during executing web_message communication

We are using WebAuth as our integration library, and it looks something like this:

    auth0Instance = new WebAuth({
      audience: 'https://priz-guru.auth0.com/api/v2/',
      clientID: '**********************',
      domain: 'auth.priz.guru',
      responseType: 'token id_token',
      scope: 'openid email profile offline_access',
      overrides: {
        __tenant: 'priz-guru',
        __token_issuer: 'https://auth.priz.guru/',
      },
      leeway: 300,
    });

The login works ok; however, we are still failing to refresh the token with the following error.
One thing that we have now noticed is that right after we are redirected back to the callback (from auth0), we are getting the following error:
If I understand correctly, the reason for this is that Auth0 is not allowed to show our domain in an iframe.
We have a custom domain setup (auth.priz.guru).
Note: Following these docs for guidance:
https://auth0.com/docs/customize/custom-domains
I feel like it is something related to a misconfigured tenant and issuer, but I am not sure what.
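
Added example, not part of the original post and not Auth0's code: silent renewal in auth0.js loads the authorization endpoint in a hidden iframe and waits for a `web_message` reply, so the application's Content-Security-Policy has to allow framing the configured `domain` (here the custom domain `auth.priz.guru`). The sketch below checks a policy string for that, using the `frame-src` → `child-src` → `default-src` fallback. The function names are hypothetical and the source matching is simplified (no ports or paths).

```javascript
// Added example: simplified CSP check for the silent-renewal iframe.
// Function names are hypothetical; policies passed in are the caller's own.

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Simplified matching: *, 'none', 'self', scheme sources (https:) and host
// sources with an optional scheme and an optional leading "*." wildcard.
function sourceMatches(source, target, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return ['http:', 'https:'].includes(target.protocol);
  if (s === "'self'") return target.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)$/);
  if (!m) return false; // sources with ports or paths are not handled here
  const [, scheme, host] = m;
  if (scheme && `${scheme}:` !== target.protocol) return false;
  // A schemeless host source matches the page's scheme or an upgrade to https.
  if (!scheme && target.protocol !== self.protocol && target.protocol !== 'https:') return false;
  return host.startsWith('*.')
    ? target.hostname.endsWith(host.slice(1))
    : target.hostname === host;
}

// Report which directive governs iframes and whether it allows frameUrl.
function framingAllowed(cspHeader, frameUrl, pageUrl) {
  const csp = parseCsp(cspHeader);
  const target = new URL(frameUrl);
  const self = new URL(pageUrl);
  // frame-src falls back to child-src, then to default-src.
  const directive = ['frame-src', 'child-src', 'default-src'].find((d) => csp.has(d));
  if (!directive) return { directive: null, allowed: true }; // frames unrestricted
  const allowed = csp.get(directive).some((src) => sourceMatches(src, target, self));
  return { directive, allowed };
}
```

A policy that lists only the tenant host `priz-guru.auth0.com` under `frame-src` does not cover the custom domain, so `framingAllowed` reports `allowed: false` for `https://auth.priz.guru/authorize`.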
