Does React SDK validate ID Token automatically?

dsavage · April 6, 2021, 4:36pm

Hello! Does the React SDK (@auth0/auth0-react 1.3.0) automatically validate ID Tokens returned from a successful login in the authorization_grant flow?

I’m currently able to read authenticated user data via the user property exposed by useAuth0 const { user } = useAuth0(), and my understanding is that this data is coming from the decrypted ID Token jwt, my assumption is that the SDK is validating the jwt for me, which is quite nice.

I’m asking because the Auth0 docs suggest that ID Tokens should be validated, and I’m unable to find any concrete documentation in the SDK about whether this is already happening.

Thanks!

Giles452 · April 7, 2021, 10:16am

JWT expiration can be checked in two ways. First of all you have to install jsonwebtoken package and require it at the top of your file. Thereafter, you can follow the below ways to check JWT expiration before sending any rest requests.

dsavage · April 7, 2021, 4:21pm

Thanks, Giles. I think my question is more whether it needs to be checked when using the React SDK. Since the SDK is supplying data from the ID Token via the user context, I’m wondering if it is handling token validation (including whether the token is expired) already.