I am building an isomorphic application with next.js. However, I am confused about access token implementation. I am using the auth0js library.
When the browser takes over, I use
[checkSession](https://auth0.github.io/auth0.js/global.html#checkSession) to perform silent auth, the browser will request information from Auth0.
checkSession promise will return tokens in the
This means that it’s possible for the user to open up chrome dev tools, and set a breakpoint in the client code and view the
Does this mean that
accessToken variables are “allowed” to be exposed through the browser?