I’m using the Implicit Grant Flow with the hosted Lock and everything is working great except renewing the SSO session after the access token has expired.
“Use Auth0 instead of the IdP to do Single Sign On” is set to on, the SSO session should last 7 days, the access token lasts 30 seconds (testing) and Allowed Callback URLs, and Allowed Web Origins are all set to allow the redirect url.
I’m using checkSession in auth0-js and despite all my attempts I always get: “message”: “The specified redirect_uri ‘https://test.xxxx.no/xxxxx/’ does not have a registered origin.” in the logs with failure. If I use renewAuth I get success silent auth in the log, but the callback function still doesn’t receive the token and the err: “not_authorized”
What am I missing? I am also a bit confused about the difference between renewAuth and checkSession, and what the paramter usePostMessage: true/false actually does.