Silent Renewal is Failing with Social Logins in the Demo.

dopry / svelte-auth0

Svelte Auth0 Components

https://darrelopry.com/svelte-auth0/

73 stars 13 forks source link

Silent Renewal is Failing with Social Logins in the Demo. #16

Open dopry opened 3 years ago

dopry commented 3 years ago

To reproduce

login to http://darrelopry.com/svelte-auth0/ using google social auth
refresh the screen. see this loom video, https://www.loom.com/share/0bc610c810e240e8964e34aa5bed0630

Suspicions: I feel like it may be an issue with cookies... see: https://community.auth0.com/t/failed-silent-auth-login-required/33165/39 and https://community.auth0.com/t/failed-silent-authentication-login-required/47064/16. https://auth0.com/docs/libraries/auth0-single-page-app-sdk?_ga=2.232166431.1076406309.1616428488-2120265973.1610826707#use-rotating-refresh-tokens maybe the the necessary solution.. but I was hoping to avoid storing credentials in local storage.

Leftium commented 3 years ago

Here is my POC of Auth0 social login that persists without local storage: https://auth0-persist-social-login.netlify.app It is based on https://auth0.com/blog/authenticating-svelte-apps/

The social logins needed local storage to persist until I switched the default Auth0 developer keys to my own keys.

If you switch the Auth0 Universal Login experience from "Classic" to "New," the new experience features a blinking red warning icon if you're using the Auth0 developer keys.

Christheoreo commented 2 years ago

Hey @dopry - I am also getting this silent renewal error (using Firefox developer edition) while using my own details / keys. Did you ever get a work around for this?

this link (one of the links you posted above) suggests relaxing firefox security settings helped, but A) I'm struggling to find the settings, and B) I wouldn't want the user to have to do the same.

Any ideas?

dopry commented 2 years ago

@Christheoreo, I appreciate the error report. This isn't the best place for it. In general, when reporting bugs to open source projects you should open your own issue, rather than using an existing issue. Your issue could be completely unrelated to this one. I, unfortunately, can't help you with debugging the silent renewal. Svelte-Auth0 is just a thin wrapper around the Auth0 client. The silent renewal is handed by the Auth0 client. I would start troubleshooting with Auth0 first and ensure it is properly configured for silent renew. see @Leftium's comment above. If you're able to isolate something to the Svelte-Auth0 project, please open a new issue.