I may be doing something incorrectly here, and so I am looking for some help.
We have a React application that is using auth0-js to call .authorize() to redirect the user to the Auth0 login page and obtain a token. We then use that token to make requests to the backend. This currently is working… as long as you don’t refresh the page.
However, if I refresh that page and call .authorize() again, it does not seem to keep the old session and takes the user to the login prompt again.
I have tried passing `{"prompt": "none"}`; however, all this does is return a “login_required” error, which I have read means that it could not find the session.
I am wondering if I should be using checkSession() instead?
I will note, we are currently using the Auth0 Google Social Connection with default dev keys (just for testing the service). I am wondering if that has anything to do with the session expiring each time?
But, I am also wondering if I have the application set up correctly.
We are using a “Machine-to-Machine” application because I am able to use that with an Auth0 API, which I can set as the audience so that I get back a JWT access token. This is a bit confusing to me, because I would think that it makes more sense to describe our use-case as a “Single Page Application”, however in that scenario I can only get opaque tokens. I think that I am misunderstanding something here. And I’m not sure if it’s even related to the inability to keep a session, but I am mentioning it here since it may be relevant.
I would appreciate any help that you can provide with this.
I am having the same issue but I am working with VueJS.
I have tried to prevent the redirection to the login page on refresh by checking the “isAuthenticated” method.
Initially this:
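```js
// Method excerpt: this.tokenExpiry and localStorageKey are defined elsewhere in the app.
isAuthenticated () {
  return (
    Date.now() < this.tokenExpiry &&
    localStorage.getItem(localStorageKey) === 'true'
  )
}
```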
@bala2: After posting this, I tried with the pre-made React application that is provided (with pre-filled credentials for your application).
I was having the same problem. After some more searching, I noticed that the documentation says that using the social connection with the default dev keys is the cause.
I have not yet tried any other way, but I think that solves it for me anyway.
Still, I am keeping this question posted as I am seeking clarification about single-page applications vs. machine-to-machine.
Thanks for the suggestion, @jeff.peck.
I have tried with a social connection (Google in my case) by enabling the dev keys and taking their clientID and secret from Google Cloud.
Still the refresh is not working.
I have added user parameters in localStorage. This helps me retain the logged-in session even after a page refresh.
I have heard that this may not be the safest option, but it works for my app.
Hope a word comes officially to give more clarity.
Is Seamless SSO enabled in your tenant? Seamless SSO uses cookies to maintain a single sign-on session. The cookies will survive a page refresh and subsequent authentication requests should be silent.
Note that, if you don’t see the option, you have a newer tenant for which Seamless SSO will be enabled by default.
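The silent check asked about earlier in the thread (`checkSession()`), as an added example that is not part of any post here and not Auth0's own code: it restores the session on page load from the SSO cookie, keeps the access token in memory rather than in localStorage, and treats `login_required` as an expected outcome. `webAuth` is assumed to be an auth0-js `WebAuth` instance; `AUDIENCE`, `SCOPE` and the function names are placeholders.

```javascript
// Added example, not from the thread. `webAuth` is assumed to be an
// auth0-js WebAuth instance; AUDIENCE and SCOPE are placeholders.
const AUDIENCE = 'https://api.example.test';
const SCOPE = 'openid profile';

// checkSession error codes that mean "no usable session, log in interactively".
const NEEDS_LOGIN = new Set(['login_required', 'consent_required', 'interaction_required']);

// Map a checkSession(err, authResult) callback to one explicit state.
function classifySilentAuth(err, authResult, nowMs) {
  if (err) {
    const reason = err.error || 'unknown_error';
    return { state: NEEDS_LOGIN.has(reason) ? 'needs_login' : 'failed', reason };
  }
  if (!authResult || !authResult.accessToken) {
    return { state: 'failed', reason: 'no_access_token' };
  }
  return {
    state: 'authenticated',
    accessToken: authResult.accessToken,
    expiresAt: nowMs + authResult.expiresIn * 1000, // expiresIn is in seconds
  };
}

// Tokens stay in closure memory, so nothing readable is left in localStorage;
// after a refresh, restore() asks the authorization server again.
function createSessionStore(webAuth, now = Date.now) {
  let session = { state: 'unknown' };
  const isAuthenticated = () =>
    session.state === 'authenticated' && now() < session.expiresAt;
  return {
    isAuthenticated,
    getAccessToken: () => (isAuthenticated() ? session.accessToken : null),
    // Call once on page load; `done` receives the resulting state.
    restore(done) {
      webAuth.checkSession({ audience: AUDIENCE, scope: SCOPE }, (err, result) => {
        session = classifySilentAuth(err, result, now());
        done(session);
      });
    },
  };
}
```

When `restore` reports `needs_login`, that is the point at which the app would call `.authorize()` for an interactive login.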