Frontegg sends the refresh cookie in a refresh request to /user/token/refresh, and if the user's refresh token is still valid, it returns a new refresh cookie. There are several cases in which the refresh request gets a 401 response:
1. If you're seeing a 401 on a refresh request when your login box loads, this is expected: it is how Frontegg checks whether the user is already logged in. If the user is already logged in, they are redirected directly to your app. If they aren't, they need to log in.
2. If you're seeing a 401 on the refresh route (frontegg/identity/resources/auth/v1/user/token/refresh) after the user tries to log in, it could be due to the following reasons:
- As mentioned, the refresh request sends a refresh cookie for validation. If you're using Safari, incognito mode, or a mobile browser that blocks third-party cookies by default, you're very likely to get 401s for the refresh request. In such cases, we recommend using a custom domain: https://docs.frontegg.com/docs/adding-custom-domain
When using a custom domain, make sure to replace your Frontegg domain in the contextOptions (baseURL) with your custom domain.
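
To check whether a given app origin and base URL put the refresh cookie in a third-party context, you can compare their registrable domains. The following is an added example, not Frontegg code; the function names and hostnames are constructed for illustration, and the suffix handling is a simplification of the Public Suffix List.

```javascript
// Assumption: the registrable domain is the last two labels of the host,
// or the last three when the host ends in one of these multi-label suffixes.
// A production check should consult the full Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length <= 2) return labels.join(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Classifies how a browser sees the refresh cookie when a page served from
// appUrl calls the refresh route on baseUrl (the value set in contextOptions).
function refreshCookieContext(appUrl, baseUrl) {
  const appSite = registrableDomain(new URL(appUrl).hostname);
  const authSite = registrableDomain(new URL(baseUrl).hostname);
  const thirdParty = appSite !== authSite;
  return {
    appSite,
    authSite,
    thirdParty,
    advice: thirdParty
      ? "Refresh cookie is third-party: expect 401s where third-party cookies are blocked; use a custom domain."
      : "Refresh cookie is first-party: third-party cookie blocking does not apply.",
  };
}

// Constructed sample configurations (hostnames are placeholders).
const samples = [
  ["https://app.example.com", "https://example-tenant.frontegg.com"], // default domain
  ["https://app.example.com", "https://auth.example.com"],            // custom domain
];
for (const [app, base] of samples) {
  const r = refreshCookieContext(app, base);
  console.log(`${app} -> ${base}: ${r.advice}`);
}
```
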