Auth0-react maintaining authentication on page refresh

georgelt · December 1, 2020, 2:14am

I’ve setup a React SPA using the auth0-react SDK to manage authentication, and I’m having an issue with handling authentication after page refreshes.

After a page refresh, the authentication is lost as I’m only storing the tokens in memory. To handle this I could simply set the cacheLocation on the Auth0Provider to local storage, but I’d like to avoid the security drawbacks with that approach.

Is there a way to configure it to only store the refresh token in local storage? Then on page refresh it could get a new access token using the refresh token. This way I could get the benefits of the refresh token usage detection if the refresh token happened to be leaked.

Is this something that I would have to manually implement?

auth0-react v1.1.0

mmosttler · January 8, 2021, 11:18pm

@georgelt were you able to resolve this issue? did you have to do something manually outside of the Auth0 React SDK?

zacharykane · January 12, 2021, 4:28am

I’d also love to know how to achieve this. I had gotten the impression that Refresh Tokens were the answer to the safely maintaining sessions problem. After you enabled these on the API project, the SPA project, and the Auth0 JS client then calls to getTokenSilently would simply “work”.

Do I have this wrong?

Topic		Replies	Views
How to persist login with auth0-react after page refresh without localStorage? Help login , localhost , localstorage , auth0-react	5	11358	July 27, 2021
Storing Auth0 tokens in session storage instead of local storage Help id_token , access-token , auth0-spa-js	4	15659	May 24, 2021
SPA With Auth0 Automatically Logs Out on Page Refresh Issue Help logout , sessions	0	900	July 31, 2023
How does auth0-spa-js store tokens Help refresh-tokens	8	16400	September 27, 2019
Persisting login on refresh with refresh token rotation Help auth0 , login	3	5847	February 11, 2021

Auth0-react maintaining authentication on page refresh

Related Topics