Session Invalid After Updating Email

Hi there, I’m not sure if you ever resolved this, @noliver, but I have been experiencing a similar issue with my application.

I came across this thread, “Editing user data (first/last name) in SPA forces re-login on refresh”, because I was also experiencing an issue that was forcing users to log back in after changing their given_name and family_name. It turns out that because I was including the email address in the payload to the Management API (since it is a field within the user details form), the Success Change Email event was firing in the logs (despite the email address being the same).

Sure enough, removing the email address from the payload resolved this for me; users can update their given name/family name without having to reauthenticate.

However, it still leaves the question around the email address unanswered. I can only assume that the change of email address makes the JWT invalid, which is why silent authentication fails, but what is the suggested way to deal with this from a user experience perspective? Should we be notifying users that they will have to sign back in after making this change? Or is there a way to bypass this?

I am using the auth0-react package for my project and have noticed that if I call the getAccessTokenWithPopup method after the user has changed their email address then the user can continue as normal, however, getAccessTokenSilently does not work as it fires the “Login is required” error.

It would be great if someone from Auth0 could point me in the direction of some documentation surrounding this. What is the recommended approach for dealing with this case?

Any help would be greatly appreciated. Thanks very much!

2 Likes
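
The two observations in the post above, as an added example that is not part of the original post and is not Auth0's own code: send only the profile fields that actually changed, so an untouched email never reaches the Management API, and fall back to the popup flow only when silent authentication reports that login is required. The helper names, the `auth` parameter (the object returned by `useAuth0()`) and the `err.error === 'login_required'` check are assumptions.

```javascript
// Added example, not code from the post. Field names follow the post;
// helper names and the shape of `auth` are assumptions.

// Fields the profile form is allowed to send to the Management API.
const EDITABLE_FIELDS = ['given_name', 'family_name', 'email'];

// Return only the fields whose value differs from the stored profile,
// so an unchanged email is never included in the PATCH body.
function buildUserPatch(currentProfile, formValues) {
  const patch = {};
  for (const field of EDITABLE_FIELDS) {
    if (!(field in formValues)) continue;
    const next = String(formValues[field]).trim();
    const prev = String(currentProfile[field] ?? '').trim();
    if (next !== prev) patch[field] = next;
  }
  return patch;
}

// True when the patch will change the email: the case the post reports as
// breaking silent authentication, so the UI can tell the user beforehand.
function willChangeEmail(patch) {
  return Object.prototype.hasOwnProperty.call(patch, 'email');
}

// Try the silent path first; use the popup only for the
// "login required" failure and surface every other error unchanged.
async function getTokenWithFallback(auth, options = {}) {
  try {
    return await auth.getAccessTokenSilently(options);
  } catch (err) {
    if (err && err.error === 'login_required') {
      return auth.getAccessTokenWithPopup(options);
    }
    throw err;
  }
}
```

Call `getTokenWithFallback` from a click handler, since browsers commonly block popups that are not opened by a user gesture.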