I’m reading this article:
Within the “Create the Client” section there are two ways to create the client…
-
The
createAuth0Client
factory method returns theauth0
object and within the instantiation callsgetTokenSilently()
. -
You can call the Auth0Client constructor to get the
auth0
object back
In the “Call an API” section…
The getTokenSilently()
method is called on the returned auth0
object. It’s hard to tell from the documentation if that call is needed when the createAuth0Client
was instantiated as getTokenSilently()
was already called.
Does the call to getTokenSilently()
always reach out to the Authorization Server to get a new token? Or does it reach out the first time, then cache locally until a refresh token is needed, in which case it handles all the under-the-hood work?
In other words should I always call getTokenSilently()
before sending a request to the API? Or should I only call it once and save the token in memory (and therefore always have to check the expiration before making a request to the API) within the app?