I’m trying to renew refresh token using what’s in the quickstart:
public renewToken() {
this.auth0.renewAuth({
// audience: 'http://localhost:3000', not really sure what I should put here so I commented that part out.
redirectUri: 'http://localhost:3000/silent/',
usePostMessage: true
}, (err, authResult) => {
if (err) {
alert(`Could not get a new token using silent authentication (${err.error}).`);
} else {
alert(`Successfully renewed auth!`);
}
});
There is a request made in the background to https://dasnoo.auth0.com/authorize?client_id=...
and it returns 304.
The timeout error in association with the enabled configuration toggle to use post message suggests that the callback handler, http:localhost:3000/silent/
, fails to post a message using the postMessage
function to the parent window indicating that the authentication response was received.
This would be the simple explanation for the error in question; you did not include code related how you implemented it the silent callback handler so it’s not possible to provide a definitive answer. Check the available docs for a suggested implementation of the silent handler, if that does not work for you, update the question with your exact implementation of that handler.
The way messages are posted changed between auth0.js versions. I’ve got problems related to that. Notice that documentation is still showing auth0.js v8.6 “style” post call (also in github), while v8.6.1 and newer changed things in this way. So if you are using the latest v8.7 you may need to update the way you post messages to the main page.
Please see my comments above. In a brief, check your code. If you are posting your main page with something like this:
var auth0 = new auth0.WebAuth({
domain: 'auth0-tests-auth0js.auth0.com',
redirectUri: 'http://localhost:3000/example',
clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
responseType: 'token'
});
var result = auth0.parseHash(window.location.hash, function(err, data) {
parent.postMessage(err || data, "http://localhost:3000/");
});
Then you may need to change it to this:
parent.postMessage(window.location.hash, "https://localhost:3000/");
Parsing of the hash code has been moved between v8.6 and v8.6.1+.
You’re correct that the way the message could be posted was changed, however in 8.6.1 and above both methods should be supported. There was a breaking change introduced in 8.6.0 that caused the previous method of posting messages to fail, but this was addressed in version 8.6.1 released in the same day as 8.6.0 version. If you update from 8.5.0 to 8.6.0 in specific you would indeed experience a bug.