Timeout error in V8 auth0-js checkSession


I am using Auth0-lock UI for login user, but I am using Auth0-js to refresh the token. I am migrating from Auth0-js V7 (which uses refreshToken method) to Auth0-jv V8 (8.10.1) (which now uses checkSession).

Auth0-lock is also being upgraded from 10.8.1 (which uses v7) to 10.23.1 (which uses v8).
The Auth0-lock works fine for login.


In the past, the refreshToken always worked fine, but with V8, whenever I call checkSession, I get an error (after a long time):

{error: “timeout”, error_description: “Timeout during fetching SSO data”}

For reference this is my code in V8:

const webAuth = new auth0js.WebAuth({ domain: config.auth0Domain, clientID: config.auth0ClientId });

webAuth.checkSession({ responseType: 'token' }, (err, authResult) => { if (err) { console.error(err); } });

Also this is my code in V7, which works fine.

const auth0Client = new Auth0({ domain: config.auth0Domain, clientID: config.auth0ClientId, responseType: 'token' });

const storedRefreshToken = localStorage.getItem('refresh_token'); // I manually saved the refreshToken earlier after lock login success. According to V8 checkSession's documentation, I no longer have to do this.

auth0Client.refreshToken(storedRefreshToken, (err, delegationResult) => { if (err) { console.error(err); } });

If someone can tell me why checkSession V8 keep timeout, I would appreciate it.


I could not reproduce this situation and the checkSession either returned refreshed tokens or a login_required error if there was no session. If you can reproduce this consistently you should check the HTTP request/response for the call to /authorize that is performed when you invoke the checkSession method; ideally, you should include in your question data for that HTTP request and response pair (you can redact information you deem sensitive).

If this fires correctly should the Rules fire in the same way as with an explicit login ?

Thanks for the response. So does it mean anything when it says timeout during fetching SSO? (Is it because Auth0 Lock isn’t compatible with hosted page?)
For now, I decided to push out the migration until absolutely necessary, given the issues.

Yes, rules should run as part of an authentication request such as this one.

The timeout means something completely unexpected happened; for example, if you’re sending a completely wrong redirect URI or client identifier in the check session. My recommendation would be for you to review what was wrong and continue the migration.

Hm…, I believe the issue is that I am not using Hosted Page, I am using the embedded login method.

The CheckSession seems to expect that I have used Hosted Page way to obtain original token. Thus it is fetching SSO, and times out.

Is there anyway to config CheckSession to work with embedded login?

we already implemented safeguard against the cross origin issues involved with embedded login. And we like the embedded login for its better user experience.

If you perform an embedded login through cross-origin authentication which is currently the available option for a SPA then checkSession should still be possible. How are you performing the login?