I have really problem with token renew in my Angular4 spa. Following this tutorial https://auth0.com/docs/quickstart/spa/angular2/05-token-renewal I got login_required or contest error. Below my renewToken method:
public renewToken() {
console.log("renewToken");
this.auth0.renewAuth({
scope: 'openid',
audience: '...',
redirectUri: environment.DOMAIN + ':3000/silent.html',
usePostMessage: true
}, (err, authResult) => {
if (err) {
console.log(err);
} else {
console.log("Auth result:", authResult);
this.setUser(authResult);
}
});
}
I don’t get this error even in err variable but in authResult console.log.
This issue occurs also after disable social auth.
Below my silent.html file:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<script src="https://cdn.auth0.com/js/auth0/8.10.1/auth0.min.js"></script>
<script>
var webAuth = new auth0.WebAuth({
domain: '...',
clientID: '...',
});
</script>
<script>
webAuth.parseHash(window.location.hash, function (err, response) {
parent.postMessage(err || response, '...');
});
</script>
</head>
<body></body>
</html>
Will be glad if anyone can help me with that stuff.
I gave it a test using the same Auth0.js version you have in your silent callback handler and could not reproduce the same exact error login_required
you mentioned in the question. That error condition is not unexpected or said it another way it’s a perfectly valid response for the case where there is no pre-existing end-user session or the session exists but some circumstances changed and the session cannot be used to complete the authentication request.
Assuming you’re testing this by performing a login immediately before trying to renew then the error would indeed not be expected unless there’s some issue in the session establishment (it’s based on cookies so it’s always a bit dependent on the user-agent).
Also have in mind that if you’re using social connections then as instructed in the README of the linked step:
If you see an error on renewal saying login_required
, that means you may be using the Auth0 dev keys for whichever social login you’re testing. You’ll need to add your own keys for this to work.
If the previously does not apply, the recommendation would be for you to inspect the network traffic to check if it can be a cookie related issue (the /authorize
request triggered by renewal would not include the necessary cookies) or at least to try to find additional information. It can also be helpful to update your question with an HTTP trace showing a login transaction being completed and the immediate authentication renewal failing (have in mind that HTTP traces can include sensitive information so you may want to redact it before sharing).