I have authentication with claims working, except sessions are not persisting when refreshing the browser. I’m using auth0-spa-js with vanilla JS (well, Svelte actually). I have cacheLocation: "localstorage" when calling createAuth0Client, and I see the @@auth0spajs@@ entries in localstorage, yet when refreshing my browser window, it never persists the session.
Could this be an issue with me using token = auth0.getIdTokenClaims.__raw to get the RAW token to include in my headers instead of using token = auth0.getTokenSilently, which I think is called automatically when refreshing? Retrieving the __raw token this way works: on the Dgraph end I’m able to get the custom claims injected by an Auth0 rule I created…
If I use auth0.getTokenSilently, I get an opaque access_token because I’m missing the audience property. The audience that dgraph recommends to put in dgraph schema is AUTH0-APP-CLIENT-ID (e.g. “FstBEWxxxxxxxxxxxxxxxxxxxxxx_wqp”), yet when I try to add that as the audience value when calling createAuth0Client I get the error “Service not found” for that audience value. The ONLY way I don’t get the service not found is if I use audience: "https://my-app.auth0.com/api/v2/" at which point, it works – auth0.getTokenSilently returns a real JWT… BUT WITH NO USER INFO NOR MY CLAIMS (I confirm it at jwt.io).
FYI - I have Google OAuth social as an identity provider.
So… What should I do to get sessions persisting?
Stick to using auth0.getIdTokenClaims.__raw for headers AND try to figure out how to fix the refresh? Any ideas on how to get session working in that case?
Or should I try to use auth0.getTokenSilently to get a JWT by using audience of https://my-app.auth0.com/api/v2/ AND figure out how to get the user info and claims injected by my Auth0 Rule which don’t appear in it? Any ideas on how to get that? And would this address the original issue of session not retaining on browser refresh?
Thank you for any help!
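
The comparison described in the post (ID token versus access token, checked at jwt.io) can be done locally so tokens never leave the machine. This is an added example, not part of the original post; the client ID placeholder, the `https://example.com/claims` namespace, the function names and the sample tokens are all constructed assumptions.

```javascript
// Decode a JWT payload for inspection only. No signature verification is done,
// so the result must never be used for an authorization decision.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT (opaque token?)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  const payload = JSON.parse(new TextDecoder().decode(bytes));
  if (payload === null || typeof payload !== "object") {
    throw new Error("payload is not a JSON object");
  }
  return payload;
}

// Report the audience and any namespaced (URL-keyed) custom claims.
function describeToken(token, expectedAudience) {
  let payload;
  try {
    payload = decodeJwtPayload(token);
  } catch (err) {
    return { jwt: false, reason: err.message };
  }
  const audience = [].concat(payload.aud ?? []);
  return {
    jwt: true,
    audience,
    audienceMatches: audience.includes(expectedAudience),
    hasUserInfo: "email" in payload || "name" in payload,
    customClaims: Object.keys(payload).filter((k) => /^https?:\/\//.test(k)),
  };
}

// Constructed sample tokens (unsigned; every value is a placeholder).
function makeSampleJwt(payload) {
  const enc = (obj) =>
    btoa(String.fromCharCode(...new TextEncoder().encode(JSON.stringify(obj))))
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}
const CLIENT_ID = "CLIENT_ID_PLACEHOLDER"; // assumption: stands in for the app's client ID
const idToken = makeSampleJwt({
  aud: CLIENT_ID, email: "user@example.com",
  "https://example.com/claims": { role: "USER" }, // hypothetical claim namespace
});
const accessToken = makeSampleJwt({ aud: ["https://my-app.auth0.com/api/v2/"], sub: "constructed-subject" });

console.log(describeToken(idToken, CLIENT_ID));
console.log(describeToken(accessToken, CLIENT_ID));
console.log(describeToken("constructed-opaque-token", CLIENT_ID));
```

The server receiving the token still has to verify its signature and audience; this helper only shows which token carries which claims.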