Auth0 Home Blog Docs

Timeout error in V8 auth0-js checkSession.

auth0js
v8
timeout-error
migration
checkseesion

#1

background:

I am using Auth0-lock UI for login user, but I am using Auth0-js to refresh the token. I am migrating from Auth0-js V7 (which uses refreshToken method) to Auth0-jv V8 (8.10.1) (which now uses checkSession).

Auth0-lock is also being upgraded from 10.8.1 (which uses v7) to 10.23.1 (which uses v8).
The Auth0-lock works fine for login.

Problem:

In the past, the refreshToken always worked fine, but with V8, whenever I call checkSession, I get an error (after a long time):

{error: “timeout”, error_description: “Timeout during fetching SSO data”}

For reference this is my code in V8:

const webAuth = new auth0js.WebAuth({ domain: config.auth0Domain, clientID: config.auth0ClientId });

webAuth.checkSession({ responseType: 'token' }, (err, authResult) => { if (err) { console.error(err); } });

Also this is my code in V7, which works fine.

const auth0Client = new Auth0({ domain: config.auth0Domain, clientID: config.auth0ClientId, responseType: 'token' });

const storedRefreshToken = localStorage.getItem('refresh_token'); // I manually saved the refreshToken earlier after lock login success. According to V8 checkSession's documentation, I no longer have to do this.

auth0Client.refreshToken(storedRefreshToken, (err, delegationResult) => { if (err) { console.error(err); } });

If someone can tell me why checkSession V8 keep timeout, I would appreciate it.

Thanks


#2

I could not reproduce this situation and the checkSession either returned refreshed tokens or a login_required error if there was no session. If you can reproduce this consistently you should check the HTTP request/response for the call to /authorize that is performed when you invoke the checkSession method; ideally, you should include in your question data for that HTTP request and response pair (you can redact information you deem sensitive).


#3

If this fires correctly should the Rules fire in the same way as with an explicit login ?


#4

Thanks for the response. So does it mean anything when it says timeout during fetching SSO? (Is it because Auth0 Lock isn’t compatible with hosted page?)
For now, I decided to push out the migration until absolutely necessary, given the issues.


#5

Yes, rules should run as part of an authentication request such as this one.


#6

The timeout means something completely unexpected happened; for example, if you’re sending a completely wrong redirect URI or client identifier in the check session. My recommendation would be for you to review what was wrong and continue the migration.


#7

Hm…, I believe the issue is that I am not using Hosted Page, I am using the embedded login method.

The CheckSession seems to expect that I have used Hosted Page way to obtain original token. Thus it is fetching SSO, and times out.
https://auth0.com/docs/guides/login/centralized-vs-embedded

Is there anyway to config CheckSession to work with embedded login?


#8

we already implemented safeguard against the cross origin issues involved with embedded login. And we like the embedded login for its better user experience.


#9

If you perform an embedded login through cross-origin authentication which is currently the available option for a SPA then checkSession should still be possible. How are you performing the login?


#10