-
Notifications
You must be signed in to change notification settings - Fork 360
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: what is the use of 'auth0.is.authenticated' cookie #95
Comments
We use the cookie to improve the user experience. If the cookie is present, we automatically do a silent authentication request to get and cache the tokens. In most cases, it doesn't make sense to call Auth0 if the cookie is not there because, most likely, there won't be a session. If you have a particular scenario that this behavior is needed, you can call it yourself. |
Hello, |
@haydave I'm not sure I'm following the problem you are having. Are you saying that you're not achieving the desired behaviour? Could you outline what you're seeing and what you expect to happen in a few steps? |
@stevehobbsdev Actual behavior: Additional information: I think that the reason is the |
@haydave Thanks, that's much easier. Ultimately I'm not sure what the solution is here yet but just to add a bit of background, if you do happen to have that cookie then it just calls Right now you might end up making that call twice if you do have that cookie, but we're currently working on a solution to allow you to disable the built-in call if you know you don't want it and are doing it manually. Hope that helps |
@luisrudge Thanks for clearing this up (how it performs a silent auth if the cookie is present). My SPA got into a vicious loop where the page wouldn't load because it erred/400 on a silent authentication and then I checked the logs to see that mysteriously the origin URI wasn't registered (even though it was). I was following this tutorial: https://auth0.com/blog/securing-gatsby-with-auth0/ and will look into how to respond more gracefully to the silent auth error. |
Hi,
I was questioning myself about the use of 'auth0.is.authenticated' cookie as it has been confusing to me (I searched for an answer on other issues but could not find one, sorry if I missed it).
What seem strange to me is that, when creating an auth0 client, presence of this cookie is checked before we try to authenticate silently.
Here is the line https://github.com/auth0/auth0-spa-js/blob/master/src/index.ts#L11
What exactly is the purpose of such check ? (and thus the purpose of such cookie).
My use case is: I have an (quite old) angularjs app which directly uses auth0-js and a new react app which uses auth0-spa-js. If I login on my angularjs app, then navigate to my react app, since the 'auth0.is.authenticated' cookie is not present, my react app won't try silent authentication and I won't be logged in.
Though I could myself trigger a silent auth when my auth0 client finished loading, I would expect the lib to always do it whatever the cookie is because there might be an auth0 session existing for me.
Please enlighten me on this, did I miss something ?
Cheers
The text was updated successfully, but these errors were encountered: