We’re having some trouble with our Angular SPA app. On our localhost and qa sites everything works fine. The problem happens on our production environment. After the login by the user (two-step authentication), the browser redirects to login/callback. The problem here is that there are no calls to the token API, so the token is null (using getAccessToken()). There is no token in local storage or cookies. Also, the isAuthenticated method returns false. Why is this happening? How can I solve this? Maybe after the redirect there is no variable indicating that this is a redirect, so the token API call never happens?
@Eber Hi, for the “qa sites” you mentioned, do you mean it is working in a dev or preview account? And the issue only happens in the production org?
Can you please check if you have access to the Security → API → Trusted Origin tab? Did you add your URI there?
Hi, thanks for the reply. Yes, in qa and dev we work using a preview account. In this preview account we have access to the trusted origin tab and we have added our site there. The user has yet to confirm to us whether they have set the production site in trusted origins. Also, they told us that when they create a SPA app registration, they don’t use PKCE. Since I’m using a preview account, that option is blocked (always marked). Is it possible to create a SPA app without PKCE? And if that is the case, can I handle that in Angular?
@Eber If preview orgs work, I suggest you make sure your production org configuration settings are exactly the same as your preview. Please check if your users have access to trusted origins. If not, they may need to purchase the API AM feature since this FF is not free in a production org.
Below are the steps to create a SPA. The PKCE flow is enabled by default.
Are you trying to build a native app, or other apps?
@Lijia thanks for your help. We have confirmation about the configuration and, indeed, PKCE is enabled. The only thing missing is to confirm that the site is in the trusted origins list. If it’s not, could that be causing the null token error?
@Eber You need to add the redirect URI to the trusted origins as well. Please try adding that configuration first.