I’m using the Auth0 plugin for authentication and facing an issue in production.
Whenever I refresh the page or switch to a different page or tab, I get disconnected.
One potential solution could be to store the token in a variable saved in local storage, but I’m not sure if that’s a secure approach.
Hi, ensure the page the user is redirected to after signing in is public. If that doesn’t work, you might be missing expiration settings in prod. Can you enable Refresh Token Rotation, set token lifetimes, and configure the correct callback URLs and web origins in the Auth0 Dashboard?
Thank you for your response! I can confirm that the page the user is redirected to after signing in is public.
I’ve also tried enabling the Refresh Token Rotation option, but for some reason, I am unable to toggle it. However, I’ve already configured the Refresh Token Expiration settings beforehand, and they appear to be set up correctly.
Could you provide any insight into why the option might be disabled or if there are any prerequisites I may have missed?
It’s hard to pinpoint the issue because a lot depends on your Auth0 dashboard settings. You need to have “Refresh Token Rotation” enabled in the dashboard. Refresh Tokens
The issue is that I can’t activate Refresh Tokens, and I believe it’s because I need to enable Allow Offline Access first. To do that, I need to change the Auth0 API I’m using instead of the Auth0 Management API.
However, in the WeWeb Auth0 tutorial, they specifically instruct us to select the Auth0 Management API. So my question is: will the plugin still work with a different API?
I’m not sure. From what I know of Auth0, this shouldn’t cause issues, but I need to confirm with the team. In the meantime, can you test the plugin in another project, reinstalling it, reconfiguring it, etc.?
Thanks for your reply.
I’ve got some good news and, unfortunately, some bad news.
Good news: I tried to create another single-page app. For some reason I don’t get, I managed to toggle Refresh Token Rotation.
I switched to the new app on WeWeb. Nothing broke. I put it in production.
And then the bad news: it didn’t change anything… I’m still logged out when refreshing or changing tabs.
Do you know what we can do from here?
An important point I forgot to mention: it looks like a soft logout.
Maybe not the right term for it, but what I mean is that when it happens, and I press my login button that triggers the Auth0 popup, the popup opens, but I don’t have to re-enter my password—it reconnects me immediately.