ivk
July 18, 2022, 12:58pm
3
Thank you for letting me know!
I was asked to report it as feedback in support ticket that I created earlier:
Also, you may consider leaving us product feedback about this: Auth0: Secure access for everyone. But not just anyone. Any feedback reported through that channel goes directly to our product team in order to help them prioritize future work.
Here is the created GitHub issue:
opened 12:52PM - 18 Jul 22 UTC
closed 10:26AM - 08 Aug 22 UTC
bug report
### Describe the problem
The `auth0-spa-js` can be configured to refresh toke… ns (`useRefreshTokens` flag).
When an access token is expired `getTokenSilently()` tries to refresh it automatically.
But `getTokenSilently()` does not pass scope to the `/token` endpoint.
As a result, an ID token is not returned back and the “`ID token is required but missing`” error is thrown.
### Reproduction
1. Create a SPA with an automatic token refresh (`useRefreshTokens`) as explained in the Getting Started section:
[@auth0/auth0-spa-js - npm](https://www.npmjs.com/package/@auth0/auth0-spa-js)
2. Decrease lifetime of ID or access token to 70 seconds on https://manage.auth0.com/.
3. Open SPA and wait for 11 seconds (till the token is expired).
4. Call `getTokenSilently()` function.
**Actual result**: The “`ID token is required but missing`” error is thrown.
**Expected result:** The tokes are refreshed.
### Environment
- Version of `auth0-spa-js` used: `https://cdn.auth0.com/js/auth0-spa-js/1.22/auth0-spa-js.production.js`
- Which browsers have you tested in? Chrome.
- Which framework are you using, if applicable (Angular, React, etc): reproduced on both pure `auth0-spa-js` and React.
- Other modules/plugins/libraries that might be involved: no.
1 Like