auth0 / auth0-react

Auth0 SDK for React Single Page Applications (SPA)
MIT License

Missing Parameters in AccessToken with CacheMode "off" and Refresh Token Rotation Enabled #772

Open kevit-manish-andodariya opened 1 month ago

kevit-manish-andodariya commented 1 month ago

Checklist

Description

In my React application, I'm using useRefreshToken: true and have enabled refresh token rotation in my Auth0 application.

From the useAuth0 hook, I am calling the getAccessTokenSilently() function with the following options:

{ cacheMode: "off", authorizationParams: { myOrgId: 'xyz', } }

I am using cacheMode: "off" to leverage the refresh token rotation functionality and enhance the security of the application. Additionally, I am passing authorizationParams to include specific parameters that should be returned within the access token for later use. However, I am encountering an issue where the response contains an empty params object, and the expected parameters are missing.

I have ensured that I am using the latest version of the Auth0 package available on npm and duly validated the token request: the data should be passed, and it is being passed correctly, but the issue persists.


Reproduction

  1. Setup Auth0: Enable refresh token rotation in your Auth0 application settings.

  2. React Application Setup: Configure your React application to use Auth0 with useRefreshToken: true.

  3. Implementation: Utilize the useAuth0 hook in your React component. Call the getAccessTokenSilently() function with the following options: { cacheMode: "off", authorizationParams: { myOrgId: 'xyz', } }

  4. Try refreshing the browser tab and rotate a new token.

  5. Observation: Check the returned access token for the params attribute. Note that the params object is empty, and the expected myOrgId parameter is missing.

Additional context

No response

auth0-react version

2.0.0 & 2.2.4

React version

18.1.0

Which browsers have you tested in?

Chrome

frederikprijck commented 1 month ago

> Check the returned access token for the params attribute.

Can you elaborate on what the params attribute is and how it's set? I do not think this is related to our SDK? Are you setting it in an action or something? If so, can you share how it's populating the params?

kevit-manish-andodariya commented 1 month ago

Params Attribute: The params attribute is expected to include specific parameters passed through authorizationParams. These parameters should be included in the access token for later use in the application.

Yes, I'm setting it during login as well as while getting the access token silently via getAccessTokenSilently().

frederikprijck commented 1 month ago

Can you please provide more information? Where did you find that definition of params? How are you setting params, and where? Can you please elaborate and provide a bit more context for us to work with?

Thanks.