API and authentication issues
This section addresses common API and authentication issues:
Why do I get a 401 error on refresh requests?
The Frontegg SDK sends the refresh cookie with requests to /user/token/refresh. If the user's refresh token is valid, a new refresh cookie is returned. There are, however, several scenarios in which a refresh request results in a 401 response:
1. Expected behavior during login checks
If you see a 401 error on a refresh request when the login box loads, this is expected behavior. Frontegg uses this check to determine if the user is already logged in:
- If the user is logged in, they are redirected directly to your app.
- If the user is not logged in, they are prompted to log in.
2. Refresh request errors after login attempts
A 401 error on the refresh request (/user/token/refresh) after a user attempts to log in is often caused by blocked third-party cookies. Safari, private/incognito windows, and many mobile browsers block third-party cookies by default. When the login box is served from your Frontegg domain rather than from your app's own domain, the refresh cookie is a third-party cookie from the browser's point of view, so it is never sent with the refresh request and the request fails with 401.
Resolution
To address this, we recommend using a custom domain. Follow the steps in the Adding Custom Domain guide to configure one.
Once you have set up a custom domain, update your contextOptions configuration so that the Frontegg domain (baseURL) is replaced with your custom domain.
What does “redirect_uri_message” mean?
When using Frontegg's hosted solution, any redirect URL you intend to use must be explicitly authorized. If you attempt to redirect to a URL that has not been added, you will encounter the following error: "errors":["Redirect uri wasn't found"].
Steps to resolve the issue:
1. Open the Frontegg portal.
2. Navigate to: [ENVIRONMENT] ➜ Configurations ➜ Authentication ➜ Login method.
3. Under the Hosted login section, add the URL you are attempting to redirect to in the URLs field.
4. Once the URL has been added, try the redirect again; it should now succeed.