User is returned undefined and isAUthenticated with false when logging into the same browser with different users

[jsaulsberry-cvet]

Checklist

• The issue can be reproduced in the auth0-react sample app (or N/A).
• I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

When switching between different auth0 users within the same browser, the user from useAuth0() will return undefined and the isAuthenticated will return false, even after the user has successfully authenticated with the loginWithRedirect function. This occurs when using the cacheLocation is set to memory

Reproduction

1. Setup an auth0 provider with cacheLocation='memory' useRefreshTokens={true} and useRefreshTokensFallback={true}
2. Use a chrome or microsoft edge browser and authenticate a user and switch between several auth0 accounts.
3. You should notice that after proceeding through the loginWithRedirect and being directed to the client application that intermittently, the user will still be undefined and the isAuthenticated will be false.

Additional context

No response

auth0-react version

2.2.0

React version

18.3.1

Which browsers have you tested in?

Chrome, Edge

[jsaulsberry-cvet]

We are noticing that this has a higher rate of occurrence when the browser blocks third party cookies

[nandan-bhat]

Hi @jsaulsberry-cvet

Can you confirm if this issue occurs only when switching between different users? Additionally, could you share how the onRedirectCallback is being handled in your application?

Just a quick note: if cacheLocation is set to memory, the user information will not persist after a page reload. However, I understand that your use case might differ in this scenario.

[reyemtm]

What also occurs is that getAccessTokenSilently will return a valid token (if the token is not expired), even after isAuthenticated returns false. But of course we can't simply call this every time isAuthenticated is false because that could end up in a loop if the token throws an error.

[cestorer]

Same issues

[gyaneshgouraw-okta]

Hello @jsaulsberry-cvet @cestorer

It looks like the issue may be related to your application setup. As you mentioned, you're able to retrieve an accessToken via getAccessTokenSilently, but isAuthenticated remains false — that usually indicates a configuration problem.

To help narrow it down, could you try reproducing the issue using the minimal example from our README? Here’s a working snippet for reference:

// src/App.js
import React from 'react';
import { useAuth0 } from '@auth0/auth0-react';

function App() {
  const { isLoading, isAuthenticated, error, user, loginWithRedirect, logout } = useAuth0();

  if (isLoading) return <div>Loading...</div>;
  if (error) return <div>Oops... {error.message}</div>;

  return isAuthenticated ? (
    <div>
      Hello {user.name}{' '}
      <button onClick={() => logout({ logoutParams: { returnTo: window.location.origin } })}>
        Log out
      </button>
    </div>
  ) : (
    <button onClick={() => loginWithRedirect()}>Log in</button>
  );
}

export default App;

Please let us know if the issue persists with this example, that’ll help determine whether the problem is in the SDK setup or your app’s configuration. Feel free to share your snippets so that we can also have a look.

[gyaneshgouraw-okta]

Closing this issue for now, but if the problem persists or the earlier comment didn’t resolve things, please feel free to open a new issue and reference this issue and we can dig deeper.