Getting a refresh token after API returns 401

Hi
Quick question: I’m trying to integrate Auth0 into my SPA (React/Redux) with embedded login and I’ve been reading the documentation. In regard to access token expiration, it states:

Read the expires_in response parameter returned by Auth0.
Ignore expiration dates altogether. Instead, renew the Access Token if your API rejects a request from the application (such as with a 401).

If I do the latter, can I not use getSession() then? Also, if I wanted to use the expires_in, do I just make a check every time I call an API to see if it’s almost expired?

1 Like

Hi @jsherman10,

I think you are talking about checkSession(). You can use checkSession() to get a new token. The flow would go like this: send the token to your custom API, the API returns a 401 expired token error, then you use checkSession() to silently renew the access token and make another call to the API.

P.S. a refresh token is a whole different type of token. You are talking about renewing an access token.

1 Like
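The 401-then-renew flow described in the reply above, as an added example that is not part of the original thread: a fetch wrapper that renews once through auth0.js `checkSession()` and retries the request a single time. `createApiClient`, `renewWithCheckSession` and the option names are hypothetical; `webAuth` is assumed to be an `auth0.WebAuth` instance.

```javascript
// Added example: retry-once-on-401 wrapper with single-flight token renewal.
// createApiClient / renewWithCheckSession are hypothetical names, not Auth0 APIs.

// Adapter: promisify auth0.js webAuth.checkSession(options, callback).
function renewWithCheckSession(webAuth, options) {
  return () => new Promise((resolve, reject) => {
    webAuth.checkSession(options, (err, authResult) => {
      if (err) return reject(err); // e.g. no active session: user must log in again
      resolve(authResult.accessToken);
    });
  });
}

function createApiClient({ renew, initialToken = null, fetchImpl = globalThis.fetch }) {
  let token = initialToken; // kept in memory only
  let inFlight = null;      // shared promise so concurrent 401s trigger one renewal

  function renewOnce() {
    if (!inFlight) {
      inFlight = Promise.resolve()
        .then(renew)
        .then((t) => { token = t; return t; })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  function send(url, init, bearer) {
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${bearer}` };
    return fetchImpl(url, { ...init, headers });
  }

  return async function apiFetch(url, init = {}) {
    if (!token) await renewOnce();
    const used = token;
    const res = await send(url, init, used);
    if (res.status !== 401) return res;
    // Another request may already have renewed the token; reuse it if so.
    if (token === used) await renewOnce();
    // Retry exactly once; a second 401 goes back to the caller (no retry loop).
    return send(url, init, token);
  };
}
```

If the renewal itself fails, the rejection from `checkSession()` propagates to the caller, which is the point at which to send the user back through login.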

@dan.woda

Thank you so much for your reply, I just have a follow-up question:

If I plan on using embedded login, I have no choice but to use auth0.js, which doesn’t currently support PKCE? So I would also be forced to use the implicit grant flow?

Hi @jsherman10,

That is correct. We highly recommend using Universal Login, but if you must use embedded, that would be the way to go.
