Hi, we are creating a mobile app that uses refresh token.
Our app has control on both the application and API, we use the ID token as our bearer token.
This article here suggests that may be an ok use case?
The easy thing for me to do would be to check whether the ID token has expired, and get a new Id token via refresh token.
So the question is. How can I get the exp value from the JWT? Is this something I need to get a decoder for? Or that’s something I can do via the auth0 Api?
Alternatively, would it be a bad idea to use the access token expiration (making it the same as Id token expiration of course)?