I’ve setup a React SPA using the auth0-react SDK to manage authentication, and I’m having an issue with handling authentication after page refreshes.
After a page refresh, the authentication is lost as I’m only storing the tokens in memory. To handle this I could simply set the cacheLocation on the Auth0Provider to local storage, but I’d like to avoid the security drawbacks with that approach.
Is there a way to configure it to only store the refresh token in local storage? Then on page refresh it could get a new access token using the refresh token. This way I could get the benefits of the refresh token usage detection if the refresh token happened to be leaked.
Is this something that I would have to manually implement?