Token refresh does not work in `auth0-spa-js`

Feedback
,
1

Issue:
Token refresh does not work in auth0-spa-js

Description:
The auth0-spa-js can be configured to refresh tokens (useRefreshTokens flag).
When an access token is expired getTokenSilently() tries to refresh it automatically.
But getTokenSilently() does not pass scope to the /token endpoint.
As a result, an ID token is not returned back and the โ€œID token is required but missing โ€ error is thrown.

Use-case:

  1. Create a SPA with an automatic token refresh (useRefreshTokens) as explained in the Getting Started section:
    @auth0/auth0-spa-js - npm
  2. Decrease lifetime of ID or access token to 70 seconds on https://manage.auth0.com.
  3. Open SPA and wait for 11 seconds (till the token is expired).
  4. Call getTokenSilently() function.

Actual result: The โ€œID token is required but missing โ€ error is thrown.

Expected result: The tokes are refreshed.

2

Hey there!

Thanks for creating this feedback card however the most effective way to handle that would be to raise a GitHub issue in the auth0-spa-js repo so we can work on that directly with the repo maintainers. Can you do that and then share a link to it here so we can ping them? Thank you!

3

Thank you for letting me know!

I was asked to report it as feedback in support ticket that I created earlier:

Also, you may consider leaving us product feedback about this: Auth0: Secure access for everyone. But not just anyone. Any feedback reported through that channel goes directly to our product team in order to help them prioritize future work.

Here is the created GitHub issue:

1 Like
4

Perfect, thanks a lot for doing that!