Describe the problem you'd like to have solved
The attemptSilentLogin will not do a silent login if req.oidc.isAuthenticated() returns true.
req.oidc.isAuthenticated() will return true if the appSession (client side cookie) is still valid (cookie not yet expired).
The problem is if the underlying Auth0 Session (server side) already expired, the user isn't really authenticated anymore even though req.oidc.isAuthenticated() returns true.
Describe the ideal solution
Maybe the attemptSilentLogin function should also check if the Auth0 Session (server side) is still valid.
Alternatives and current workarounds
The workaround right now is to make the session cookie expiry duration shorter than the Auth0 Session (server side), so calls to attemptSilentLogin middleware will actually trigger a silent login instead of just doing next().
Additional context
No response
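A timing model of the gap and the workaround described in this issue, as an added example that is not part of the original issue or of the library's code. The helper names and the Auth0 timeout values are constructed, and the model assumes the Auth0 idle timer is refreshed only when the browser visits Auth0, not by requests to the app.

```javascript
// Added example: a model of the two session clocks, in seconds after login.
const HOUR = 3600;

// When the appSession cookie stops being accepted.
// lastRequest: time of the user's most recent request to the app.
function appSessionEnd(session, lastRequest) {
  const absolute = session.absoluteDuration || Infinity; // falsy = no absolute cap
  if (session.rolling === false) return absolute;
  return Math.min(lastRequest + session.rollingDuration, absolute);
}

// When the Auth0 session ends (assumption: no visit to Auth0 since login,
// so app traffic never refreshes its idle timer).
function idpSessionEnd(idp) {
  return Math.min(idp.idleTimeout, idp.absoluteTimeout);
}

// Seconds during which isAuthenticated() is still true although the
// Auth0 session has already expired.
function staleWindow(session, idp, lastRequest) {
  return Math.max(0, appSessionEnd(session, lastRequest) - idpSessionEnd(idp));
}

// The workaround: cookie lifetimes that always end before the Auth0 session.
// The absolute cap is what matters; a rolling cookie alone keeps sliding forward.
function sessionFor(idp, marginSeconds) {
  const limit = idpSessionEnd(idp) - marginSeconds;
  if (limit <= 0) throw new RangeError('margin exceeds the Auth0 session lifetime');
  return {
    rolling: true,
    rollingDuration: Math.min(24 * HOUR, limit),
    absoluteDuration: limit,
  };
}

// Constructed sample values, not taken from the issue.
const idp = { idleTimeout: 72 * HOUR, absoluteTimeout: 168 * HOUR };
const before = { rolling: true, rollingDuration: 24 * HOUR, absoluteDuration: 168 * HOUR };
const lastRequest = 84 * HOUR; // user kept using the app, never revisited Auth0

console.log('stale window before:', staleWindow(before, idp, lastRequest));
console.log('stale window after :', staleWindow(sessionFor(idp, 300), idp, lastRequest));
```

The object returned by `sessionFor` uses the `rolling`, `rollingDuration` and `absoluteDuration` keys of the `session` option passed to express-openid-connect's `auth()`.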