Auth0 Home Blog Docs

Trying to use renewAuth always leads to a login required error

sso
auth0js
renewauth

#1

Related to this:

https://community.auth0.com/questions/239/how-do-i-correctly-implement-and-detect-sso-sessio

I tried implementing it myself, and I also tried the example (https://github.com/auth0-samples/oidc-sso-sample), both yielded the same results.

I have turned on Use Auth0 instead of the IdP to do Single Sign On, and I’ve also turned on OIDC Conformant in my client settings.

I’m setting it up just like in https://github.com/auth0/auth0.js, and the parent is receiving the post message, except the response is always something like this:

"#error=login_required&error_description=Login%20required&state=qszL6asfqZy-od3YvRVbEoVv6mPC"

I’m getting the same error with both my own project, and using the example code. Am I missing something? Why is the renewAuth giving me this error? I am logging in through the Auth0 hosted login page as required.


Update

I actually asked this also in a GitHub issue, there is more detail there:

https://github.com/auth0/auth0.js/issues/435

With both my own project, and the auth0js example (on the auth0js github page/repo). Renew auth DOES seem to be working with email-password login, but not with facebook or google login.

The setup using the example code is simply running npm start, logging in with facebook using /authorize, and then hitting renewAuth. And yes in both cases I’m logging in through the hosted Auth0 login page. And like I said, it is working with email-password login.


#2

The error is expected if a session could not be found, however, if you’re performing the login through the hosted page the session should exist. Can you update your question with the exact configuration you use to create the Auth0.js instance and also the method used to authenticate/redirect the user to the hosted login page?


#3

Posting the root cause of the issue extracted from the GH issue

It won’t work if you use Auth0 development keys for your social connections. You have to use your own keys.
Follow the steps for the provider you want here: https://auth0.com/docs/identityproviders

So if you login with a social connection and use auth0.js renewAuth you need to configure your own keys for the social connection as explained in https://auth0.com/docs/identityproviders.


#4

I’m having a similar issue and I’m using my own keys for google and facebook. In fact, I’m not even using renewAuth, anymore.

I’m trying to get SSO across 2 apps, each with it’s own client ID within the same Auth0 account. App1 is nodejs using the auth0 2.7 package. App2 is Angular2 using auth0-js 8.8. App2 is also calling authorize() with prompt=none. Both apps use hosted login page. Both are configured for OIDC-compliant SSO. I expected that a cookie would get dropped during the login redirect of App1 such that App2 would not require any human interaction. This is not the case.


#5

I’m having a similar issue and I’m using my own keys for google and facebook. In fact, I’m not even using renewAuth, anymore.

I’m trying to get SSO across 2 apps, each with it’s own client ID within the same Auth0 account. App1 is nodejs using the auth0 2.7 package. App2 is Angular2 using auth0-js 8.8. App2 is also calling authorize() with prompt=none. Both apps use hosted login page. Both are configured for OIDC-compliant SSO. I expected that a cookie would get dropped during the login redirect of App1 such that App2 would not require any human interaction. This is not the case.


#6

If you haven’t done so already, it may be better to post this as a separate question.


#7