-
Notifications
You must be signed in to change notification settings - Fork 351
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login required error when using local storage and refresh tokens #542
Comments
Hi @cbeiro, Can you see the refresh token present in local storage? And what sort of expiry time do you have enabled for your access tokens and your refresh tokens? |
Hi @stevehobbsdev, It's not present in local storage and |
Ok, interesting that the data isn't in local storage at all, and that you're getting an error before /token is called. You mention in your post that you're doing a login, so you're logging in where the user is redirected in the browser to Auth0, logging in, and then it fails when you drop back to your app before /token is called? Are you getting any errors in your Auth0 logs that may point to the issue? Also, are you able to reproduce this in The Playground, using both our domain + clientID and yours? |
I'm getting the same problem. I'm also using the Vue tutorial for setup. In my logs I see two failed authorization attempts when I perform a full page reload in the app. For me the problem persists whether I'm using refresh tokens or not. |
@robotrot Any more detail in the logs you can share? This sounds like silent authentication is failing to work, if it's happening when you're refreshing the page. This could be caused by a couple of things:
Please try these to see if you can get unblocked:
If you're still having issues, please file a new issue with more detail as it does not sound like the same issue that @cbeiro reported here. |
I'm using the new login experience, and I've tried with refresh tokens and no refresh tokens, and it happens either way. I'm just copying the Vue SPA example verbatim. I'd like to point out that the Vue SPA example doesn't even mention refresh tokens, which seems like a bit of an oversight. No matter what I do, I get an error about Auth0 cookies not having samesite flags set. I've checked other issues about this and they either get closed or they never get a good answer. Why is there still auth0 cookies without samesite explicitly set? Is this whats causing this problem? If not what is? This happens for me just by copying the basic Vue SPA example, so I can't believe no maintainer of this library should have any trouble replicating it. |
Auth0 server sets a compatibility cookie without an explicit samesite attribute for older browsers that do not support the samesite attribute - this is likely what is causing the warning, but should not affect you.
It's because the problem is most likely environmental. Are you getting any more detail in Auth0 logs dashboard that might point to the issue, or when you inspect the HTML content for the call to |
Recently I noticed the same thing happening with us. Diving deep into the Inside of the Does anyone knows how we can avoid this call? |
@luisfmsouza It sounds like you might be using the const client = new Auth0Client({ /* options */ }); Does this help? |
@cbeiro Just checking in to see if you've managed to resolve this. The last thing I asked for was whether you were able to reproduce this inside the SPA playground. |
Closing this for now, but feel free to continue discussion if there's anything else we can look into. |
Describe the problem
I've configured auth0 client to use local storage and useRefreshTokens. When I try it out in Chrome with incognito mode, where third party cookies are disabled,
login_required
error is shown although the user is already logged.What was the expected behavior?
Cookie should not be checked and token should be obtained directly according to https://auth0.com/docs/tokens/concepts/refresh-token-rotation
Reproduction
The text was updated successfully, but these errors were encountered: