I've been playing with the Auth0 SPA SDK https://auth0.com/docs/libraries/auth0-spa-js
I keep running into an issue where I an error is thrown with code
consent_required when trying to initialise the Auth0 client by calling
createAuth0Client that is brought in from the library
import createAuth0Client from "@auth0/auth0-spa-js".
Reading into it this is because the
createAuth0Client function is calling
getTokenSilently as part of the creation. This call fails when a user has a current session but the parameters of the authentication have changed to require the user accepts some updated conditions.
Examples of where this is going to happen are adding or modifying the
audience properties passed to
Note: This will only happen the first time that these permissions are introduced for a user. If the logged in user has previously accepted these the prompt will not be required and the client will be created successfully.
The short answer is you need to log the user out so that they can accept the updated conditions you've required. There are two options for how to do this.
If, like me, you're still in the process of experimenting and testing on your local machine. Make sure you've logged your test user out before making changes to the parameters passed to
createAuth0Client. Possibly undoing the changes, logging the user out, and then making the changes.
Asking your users to log out so that you can deploy an update isn't going to scale. If you have an application in production or if you've got users on other machines then you'll need a more programatic solution.
In this case you can use the
Auth0Client class constructor that can be brought in from the same
@auth0/auth0-spa-js package to create the auth0 client. Fortunately it takes the same options as
createAuth0Client so it's an easy switch out. Using this to create an instance of
Auth0Client you can then programmatically log users out, when they log in again they'll see the prompt and be able to log in and continue using your app.