Overview
This article will explain what happened to the expiresIn property in the new Auth0 SPA SDK that was previously available in the parseHash result of Auth0.js and explains how token expiration and renewal should be handled in the new Auth0 SPA SDK.
Applies To
- Token Expiration and Renewal
- New Auth0 Single Page App (SPA) SDK
Solution
Unlike Auth0.js, the SPA SDK automatically manages token expiration and renewal, making the expiresIn
property redundant in most cases.
When requesting a token via getTokenSilently()
, the SPA SDK will do one of the following:
a) Return a valid cached token if available.
b) Silently renew the token if it’s expired.
c) Prompt the user to log in again if silent renewal fails.
After calling getTokenSilently()
, the exp claim will be in the returned access token. The exp value is the expiration time of the token as a Unix timestamp.
If the equivalent expiresIn value is still required, calculate it using the following:
const currentTime = Math.floor(Date.now() / 1000);
const expiresIn = accessToken.exp - currentTime;
Please refer to Migrate from Auth0.js to the Auth0 Single Page App SDK for more details on migrating from Auth0.js to the Auth0 SPA SDK.