Auth0 Home Blog Docs

renewAuth errors in "login_required" for non-social, enterprise connection



everything is setup to be OIDC conformant. Interactive login/authorization works just fine, but where in the past silent authentication worked it now seems to not work anymore resulting in a login_required error.

In addition since auth0.js version 8.6.1 this error doesn’t get provided via the error object of the callback anymore:

        redirectUri: 'http://localhost:3000/callback.html',
        usePostMessage: true
    }, function (err, result) {
        if (err) {
// I'd expect the login_required error to be effective here ...
            alert(`Could not get a new token using silent authentication (${err.error}). Redirecting to login page...`);
        } else {
// ... but since v 8.6.1 actually it gets transportet via the normal result object, which is unexpected

so currently no idea why this is happening. the general error in the first place, but then also why the “error transport details” change from v.8.6.1

I didn’t check for any other kind of connections, as we currently don’t have others.


In relation to the fact that the outcome is a login_required when you would not expect it to be I don’t have any hint about it. However, for the second situation described there was indeed some changes in 8.6.1 to allow one additional way for the callback page to pass the information when compared to what was available in the 8.5.0 version.

In addition, have in mind that 8.6.0 did indeed introduce a breaking change associated with this functionality, but it was quickly addressed in 8.6.1 which was released in the same day. In summary, updating from 8.5.0 to 8.6.0 could break the application, but 8.6.1 addressed this breaking change.

I did a quick test with 8.6.1 both in the client application and in the callback handler and the error was surfaced as the err parameter I defined in the callback function passed to renewAuth.

Here’s the code I used with 8.6.1 version for the method call:

var options = {
    // ...
    usePostMessage: true

// ...
webAuth.renewAuth(options, function (err, response) {
    if (err) {

and then on the silent callback page:

webAuth.parseHash(window.location.hash, function(err, data) { parent.postMessage(err || data, window.location.href);

If this is still an issue you should also include the code for the callback and do ensure that both callback and main client application use the same version Auth0.js (this second point is just to simplify troubleshooting given that if you exclude the bug in 8.6.0 they could technically be different versions).