I've been playing with the Auth0 SPA SDK https://auth0.com/docs/libraries/auth0-spa-js
What's wrong
I keep running into an issue where I an error is thrown with code consent_required
when trying to initialise the Auth0 client by calling createAuth0Client
that is brought in from the library import createAuth0Client from "@auth0/auth0-spa-js"
.
Why's it's going wrong
Reading into it this is because the createAuth0Client
function is calling getTokenSilently
as part of the creation. This call fails when a user has a current session but the parameters of the authentication have changed to require the user accepts some updated conditions.
Examples of where this is going to happen are adding or modifying the useRefreshTokens
, scope
, or audience
properties passed to createAuth0Client
.
Note: This will only happen the first time that these permissions are introduced for a user. If the logged in user has previously accepted these the prompt will not be required and the client will be created successfully.
How to fix it
The short answer is you need to log the user out so that they can accept the updated conditions you've required. There are two options for how to do this.
If, like me, you're still in the process of experimenting and testing on your local machine. Make sure you've logged your test user out before making changes to the parameters passed to createAuth0Client
. Possibly undoing the changes, logging the user out, and then making the changes.
Asking your users to log out so that you can deploy an update isn't going to scale. If you have an application in production or if you've got users on other machines then you'll need a more programatic solution.
In this case you can use the Auth0Client
class constructor that can be brought in from the same @auth0/auth0-spa-js
package to create the auth0 client. Fortunately it takes the same options as createAuth0Client
so it's an easy switch out. Using this to create an instance of Auth0Client
you can then programmatically log users out, when they log in again they'll see the prompt and be able to log in and continue using your app.
Top comments (0)