Silent Authentication with Telerik Reporting

Hi all,

I am attempting to use Auth0 for silent authentication in Telerik Reporting.

The flow is that the report will have a 2-step authentication process, first acquiring a token from Auth0, then requesting the report data from an API endpoint using that token. However, I am constantly getting a 302 redirect response with error message login_required.

This error means "The user was not logged in at Auth0, so silent authentication is not possible" according to the documentation.

Which is strange, as I am passing through login credentials for a user (in a post header), as well as a URL similar to this:

https://<app name>.auth0.com/authorize?audience=https://<app name>.example.com/&scope=openid&response_type=id_token token&client_id=<client_id>&prompt=none 

I believe that looks right from this documentation.

Can anyone shed some light on why the authentication is not working? What other info can I provide to help?

Thanks,
Lars

The error message login_required can be related to the session duration. Did you rule that out, as described in the documentataion?

login_required : The user was not logged in at Auth0, so silent authentication is not possible. This error can occur based on the way the tenant-level Log In Session Management settings are configured; specifically, it can occur after the time period set in the Require log in after setting. Learn how to configure session lifetime settings.

And just to confirm: you’re doing a “non-silent” authentication first, which is successful and returns an access token, prior to attempting any silent authentication, right?
And this first non-silent authentication happens within the time period that a session is valid?

Thanks for the reply Mathias.
The application (Web ASP.NET Core) is hosting the Telerik HTML5 Report viewer. I can log in (get an access token) and immediately go to the report, and still get the same error from Auth0.
Yes, the session is still valid (I can go to any other part of the app that requires auth), so I am thinking it must be my request, or the silent auth isn’t a valid scenario in this case.

Is there a cookie that is supposed to be returned to the authorize endpoint when I do the silent auth request?