5.0.0-beta.4 web support issue

[tomstevens94]

Checklist

• The issue can be reproduced in the react-native-auth0 sample app (or N/A).
• I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

I have a recurring issue in an Expo app. We run on iOS, Android, and Web. Our current implementation on iOS and Android works, and after a user logs in, we have access to a User object, an access token, and a refresh token all by using the useAuth0 hook. We require a refresh token.

In our Auth0 Dashboard, we have a SAML enterprise connection. As mentioned above, this is successfully used in both iOS and Android, connecting via an Auth0 'Native' Application setup within the Auth0 dashboard.

We have also setup a separate SPA application in the Auth0 dashboard, and our codebase is currently using 5.0.0-beta.4, as this seems to be the only version currently with web support.

On web, when calling the 'authorize' function, we are navigated through the same login flow, can successfully log in, and we are navigated back to the web app.

At this point, we receive a 'missing_refresh_token' error in the console.

The sample app seems to currently use 5.0.0-beta.1, and as a result does not offer web support. I've upgrade to 5.0.0-beta.4, and get the same issue.

On web, I have found that passing an 'audience' value to the Auth0Provider, means that when we are navigated back from the login flow to the web app, we have access to a user object correctly, and an access token, but the refresh token remains undefined, and after refreshing the page all data relating to authentication is lost, returning to the same error. Passing this value to the provider also causes a type-error, even though the value seems to be passes into authorizationParams successfully.

I am passing a scope of 'offline_access' to the authorize function, and the name of the SAML connection. These 2 values alone are enough on mobile to work perfectly, but the same values on web cause this issue, I have tried adding an 'audience' value to the authorize function with no luck.

Is there something Im missing? Or is this a use case that isn't available using the current beta version? Should we implement auth0-react for web only?

PS, When raising this issue, 'Platform' is a required field, and the only options are iOS and Android, seems web should be added now there is partial web support in this library.

Reproduction

In sample Expo app:

Upgrade to 5.0.0-beta.5
yarn add '@auth0/auth0-spa-js' - as per the migration guide
yarn run web
See the error

Additional context

No response

react-native-auth0 version

5.0.0-beta.4

React Native version

0.79.5

Expo version

53.0.0

Platform

iOS

Platform version(s)

0

[subhankarmaiti]

Hi @tomstevens94, thanks for sharing the feedback. This seems related to the spa-js issue, which will be addressed in the upcoming version. I’ll investigate further and share our findings here.