Api tokens in SPA - getTokenSilently

I’m reading this article:

Within the “Create the Client” section there are two ways to create the client…

  1. The createAuth0Client factory method returns the auth0 object and within the instantiation calls getTokenSilently().

  2. You can call the Auth0Client constructor to get the auth0 object back

In the “Call an API” section…

The getTokenSilently() method is called on the returned auth0 object. It’s hard to tell from the documentation if that call is needed when the createAuth0Client was instantiated as getTokenSilently() was already called.

Does the call to getTokenSilently() always reach out to the Authorization Server to get a new token? Or does it reach out the first time, then cache locally until a refresh token is needed, in which case it handles all the under-the-hood work?

In other words should I always call getTokenSilently() before sending a request to the API? Or should I only call it once and save the token in memory (and therefore always have to check the expiration before making a request to the API) within the app?

I think I found my answer:

Looks like it handles everything “under-the-hood”, which is great.

Might want to have your documentation team add the link to the auth0client class documentation in a bunch of places within that article.

1 Like

Thanks for providing that feedback and glad you found it. I will relay that feedback to our docs team!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.