Auth0 Home Blog Docs

Using renewAuth fails with unsupported response mode

silent-auth
silent-authenticatio

#1

We are attempting silent login as follows:

webAuth.renewAuth({
                    domain: '<org>.auth0.com',
                    redirectUri: '<domain>/auth0/callback',
                    responseType: 'code',
                    usePostMessage: true
                }, function (err, authResult) {
                    console.log(err);
                    console.log(authResult)
                });

However we are getting an 501 error:

unsupported_response_mode: fragment.

I’m authenticated using SSO Auth0 to Google auth. And want to use the above to check if I can renew auth i.e. there is an SSO session in Auth0 that I can reuse.


#2

The renewAuth method uses defaults for some of the options that you don’t explicitly pass. Of particular importance for this situation is that it uses a default of fragmentfor the responseMode parameter and a value of token for the responseType parameter.

Using token with fragment is supported as so it would be using id_token token with fragment. However, using responseType: 'code' is not compatible with the default response mode of fragment so you’ll need to pass a suitable response mode for that type of response; a supported one would be responseMode: 'query'.

Have in mind that the sample silent callback page available in the documentation is meant to be used with a response that is delivered through the fragment so if you want to go beyond that you need to also update the silent callback to handle the response accordingly. In this case, using code with query it would generally indicate that the server-side component of the callback page would process the code response, exchange it with tokens and then deliver a payload that would communicate those tokens to the parent window through post message. However, this is more work than just using a response type that immediately delivers the tokens in the fragment of the initial response so you may want to consider if you really need to be using code as the response type in the first place.


#3