I have a vanilla JS app that uses auth0-spa-js/1.2/auth0-spa-js.production.js.
Works great in many scenarios. User clicks Login button. Code calls createAuth0Client, passing domain and client id. Then calls loginWithRedirect, passing redirect URI. Auth0 presents login dialog. User enters user name and password, then confirms. Auth0 executes callback. Page loads, allocates client, detects user not authenticated, finds code and state values in query string, calls handleRedirectCallback. Calls isAuthenticated, which returns true. Calls getUser, which returns user. All good.
Now user wants to navigate to another page on the same site. Page load code on target page calls createAuth0Client, as before. Calls isAuthenticated, which returns true. All good.
My understanding is that this works because Auth0 stores code and state in cookies.
Repeat the above scenario, but this time user logs in via Google. Log in works. Code gets user object. User navigates to another page. Auth0 says user not authenticated.
I tried reading code and state from the cookie, creating a URL with code and state and redirecting to it, hoping the code that works for user name / password will work. Didn’t work. Auth0 says bad state.
Is there a way to get the behavior I’m getting (page to page nav without user logging in again) with Google login?
Other than this glitch, having a great time with Auth0!