SPA + Embedded Login + Token Refresh Strategy?

(EDIT: added the fourth possibility, dev keys)

If checkSession is returning login_required this means that Auth0 could not find a valid session for the user. This could be because:

  • A session was never created. When instantiating Lock, are you using the sso: false option? Doing so instructs Lock to use the token endpoint directly, without setting a session for the user.
  • The session has expired. Check the session duration in the tenant Advanced Settings.
  • The session cookie was not included in the request. This could happen if you are not using custom domains and the browser blocks the third-party cookie. Safari actively blocks this.
  • Using social connections with the default developer keys won’t set an SSO session (see Test Social Connections with Auth0 Developer Keys). Make sure you configure your own keys.

Do any of these help explain the situation?
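
How an SPA can act on the `login_required` result discussed in the answer above, as an added example that is not part of the original post or Auth0's own code. It assumes the `checkSession(options, callback)` callback shape of auth0.js; the function names, the 60-second skew and the stub clients are hypothetical.

```javascript
// Added example. `webAuth` is any object exposing checkSession(options, cb),
// the callback shape used by auth0.js; all other names are assumptions.
const RENEW_SKEW_MS = 60 * 1000; // renew one minute before expiry (assumed value)

// Turn a checkSession callback result into one decision for the SPA.
function interpretCheckSession(err, authResult, nowMs) {
  if (err) {
    if (err.error === 'login_required') {
      // No usable Auth0 session: retrying silently will fail the same way.
      return { action: 'interactive_login', retry: false, reason: err.error };
    }
    // Any other error may be transient: keep current state and try again.
    return { action: 'retry_later', retry: true, reason: err.error || 'unknown' };
  }
  if (!authResult || !authResult.accessToken || !authResult.expiresIn) {
    return { action: 'interactive_login', retry: false, reason: 'empty_result' };
  }
  const expiresAt = nowMs + authResult.expiresIn * 1000;
  return {
    action: 'store_tokens',
    retry: false,
    accessToken: authResult.accessToken, // keep in memory, not localStorage
    expiresAt: expiresAt,
    // Schedule the next silent renewal shortly before the token expires.
    renewAt: Math.max(nowMs, expiresAt - RENEW_SKEW_MS),
  };
}

// Run one silent renewal and hand the decision to `done`.
function renewSession(webAuth, nowMs, done) {
  webAuth.checkSession({}, function (err, authResult) {
    done(interpretCheckSession(err, authResult, nowMs));
  });
}

// Constructed stand-ins for the two outcomes: no session, and a live session.
const noSession = { checkSession: (opts, cb) => cb({ error: 'login_required' }) };
const liveSession = {
  checkSession: (opts, cb) => cb(null, { accessToken: 'constructed-token', expiresIn: 7200 }),
};

renewSession(noSession, 0, (d) => console.log(d.action, d.reason));
renewSession(liveSession, 0, (d) => console.log(d.action, d.renewAt));
```

Treating `login_required` as non-retryable keeps the app from looping on silent renewal when one of the causes listed above (no session, expired session, blocked cookie, developer keys) applies.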