Auth0 Home Blog Docs

Auth0/auth0-spa-js Access token refresh?

Hi all,

I’ve added in auth0.js to my single page application. I have login and logout working and to make authenticated requests to my API I’m passing along the access token in the header of each request.

However, I noticed that my access tokens have an expiration associated with them.

My question is what is the prescribed way to deal with getting new access tokens so that the user can continue to make API requests?

From reading through the docs it seems that calling checkSession is the appropriate way to get a new access token? I’m currently just calling checkSession a few minutes before the access token expires to get a new access token. Is this the correct way to deal with access token expiration?


Hi @john_rambo, thanks for joining the Auth0 Community!

This is called “silent authentication” and you are correct: typically checkSession is called either when the application first loads or a bit before the token expiration (or both). The checkSession method calls Auth0 and sees if the user is authenticated on the server. If so, an access token is returned.

Also, remember that you can set the access_token expiry via the Dashboard in the APIs section (note that there is a separate field for browser flows). This doc explains how.

Here’s an example of using checkSession in Angular in the same way you describe.

Hope that helps!

Sam Julien