Hello @dmorin!
It’d likely be safest to rely on the Auth0 SDK you are using to check if a user is authenticated. For example, in the React SDK this would look like:
```jsx
import React from "react";
import { useAuth0 } from "@auth0/auth0-react";

const Profile = () => {
  const { user, isAuthenticated, isLoading } = useAuth0();

  if (isLoading) {
    return <div>Loading ...</div>;
  }

  return (
    isAuthenticated && (
      <div>
        <img src={user.picture} alt={user.name} />
        <h2>{user.name}</h2>
        <p>{user.email}</p>
      </div>
    )
  );
};

export default Profile;
```
As discussed in this GitHub issue, `auth0.is.authenticated` is used to determine if a request to Auth0 for silent authentication should take place. Depending on timing, in cases where silent authentication would fail (i.e. an expired session), it’s possible that `auth0.is.authenticated` would be `true` when in fact the user should log in. If you were to use an Auth0 SDK instead, then it will handle the authentication check for you.
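
An added example, not part of the reply above and not Auth0 SDK code: it treats the `auth0.is.authenticated` cookie only as a hint for whether to attempt silent authentication, and takes the result of that attempt as the actual answer. `resolveAuthState` and the stub clients are hypothetical; the `client` argument is assumed to expose `getTokenSilently()` as the auth0-spa-js client does, rejecting with the error code `login_required` when the session has expired.

```javascript
// Added example: `client` is a stand-in supplied by the caller. It is
// assumed to behave like the auth0-spa-js client, whose getTokenSilently()
// rejects with error code "login_required" once the session has expired.

// Read the hint cookie named on this page from a document.cookie-style string.
function hasAuthHint(cookieString) {
  return cookieString
    .split(";")
    .map((part) => part.trim())
    .some((part) => part === "auth0.is.authenticated=true");
}

// Hypothetical helper: resolve the real state instead of trusting the cookie.
async function resolveAuthState(cookieString, client) {
  if (!hasAuthHint(cookieString)) {
    // No hint: skip the round trip to Auth0 entirely.
    return { authenticated: false, reason: "no_hint" };
  }
  try {
    await client.getTokenSilently();
    return { authenticated: true, reason: "silent_auth_ok" };
  } catch (err) {
    if (err && err.error === "login_required") {
      // Stale hint: the cookie said true, but the session is gone.
      return { authenticated: false, reason: "login_required" };
    }
    throw err; // network or configuration errors are not an auth decision
  }
}

// Constructed stubs standing in for a live and an expired Auth0 session.
const liveSession = { getTokenSilently: async () => "constructed-token" };
const expiredSession = {
  getTokenSilently: async () => {
    throw Object.assign(new Error("Login required"), { error: "login_required" });
  },
};
```

With the same cookie string, `resolveAuthState` reports an authenticated user for `liveSession` and `login_required` for `expiredSession`, which is the stale-cookie case described above.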