Second chance solution
After trial and error, I found a working Auth0 config with useRefreshTokens: true and useRefreshTokensFallback: false:
const auth0 = new Auth0Client({
domain: process.env.AUTH0_DOMAIN || '',
clientId: process.env.AUTH0_CLIENT_ID || '',
authorizationParams: {
redirect_uri: process.env.AUTH0_REDIRECT_URI,
audience: process.env.AUTH0_AUDIENCE,
},
sessionCheckExpiryDays: 30,
cacheLocation: 'localstorage',
// These settings are important to get rid of the issue in Auth0.
useRefreshTokens: true,
useRefreshTokensFallback: false,
})
Despite this, I really don’t now why authentication logic is triggered on non-authenticated endpoints. Perhaps there is a bug in RW but I’m not sure about it.