
Expired access token with lock and checkSession not working to keep user logged in

lock
checksession

#1

Hi there, thanks for taking the time to read this. Our startup just started implementing an Auth0 login to incorporate logging in with social accounts. We’re using the lock API and we’re also storing some data for each of our users in the user_metadata field.

Unfortunately, it seems like after a user has left the site for more than two hours, we can’t access their user_metadata. We did try to incorporate the checkSession code that’s suggested, however it doesn’t seem to be working and is throwing the following error:

attributes: {error: "Expired token received for JSON Web Token validation"}
error: "Unauthorized"
message: "Expired token received for JSON Web Token validation"
statusCode: 401

The code we’re using is:

// `authenticationLock` is our Auth0 Lock instance; `options` and `request`
// are the HTTP request settings and client defined elsewhere in our code.
this.authenticationLock.checkSession({}, (error, authResult) => {
  if (error || !authResult) {
    // Arrow functions keep `this` bound to the enclosing object; with a plain
    // `function` callback `this.authenticationLock` is undefined here.
    this.authenticationLock.show();
    return;
  }
  request(options, (error, response, body) => {
    if (error) throw new Error(error);
    try {
      const parsed = body !== null ? JSON.parse(body) : null;
      if (parsed && parsed.user_metadata !== undefined) {
        // do stuff with response here
      }
    } catch (e) {
      // body was not valid JSON; nothing to read
    }
  });
});

Are we doing something wrong?

Thanks for the help!


#2

Hi Shanif. When you say:

we can’t access their user_metadata

what exactly do you mean by that? Are you talking about an HTTP request? If so, to what endpoint? And what error are you getting?

As for the Expired token received for JSON Web Token validation error, is this caused by the checkSession() method? Can you record and attach a HAR file so that I can understand where the error is coming from? Make sure to delete any passwords in the .HAR file before attaching.


#3

Hi Nicolas,

Thanks for getting back to me. It turns out I was able to fix this by taking the response from the checkSession method and saving the various fields (id_token, access_token, etc) back into the user’s local storage. After I did that and then made an HTTP request to the endpoint to retrieve users (I believe it was /users/) things started working.

Thanks!
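The fix described in #3 (keep the fields that checkSession() returns and reuse them for later requests), written out as an added example; this is not code from the thread and not Auth0 Lock's own code. It assumes only that a Lock instance exposes checkSession(options, callback) and that the callback receives an authResult with accessToken, idToken and expiresIn; the in-memory storage, the Lock stand-in (fakeLock), the storage key and the token strings are constructed for the example. It goes one step beyond the thread by recording an absolute expiry and checking it before each request, so an expired access token is renewed instead of being sent and rejected with the 401 seen in #1. The callback passed to checkSession is an arrow function for the reason noted in #1's code: a plain function callback loses `this`.

```javascript
// Added example: persist Auth0 Lock checkSession() results and renew them
// before they expire. Names below are constructed for this example.

const STORAGE_KEY = 'auth0_session'; // assumed storage key

// Persist the authResult fields plus an absolute expiry (ms since epoch).
// Refuses to store a result that lacks the tokens later requests depend on.
function saveSession(storage, authResult, nowMs = Date.now()) {
  if (!authResult || !authResult.accessToken || !authResult.idToken) {
    throw new Error('authResult is missing accessToken or idToken');
  }
  const session = {
    accessToken: authResult.accessToken,
    idToken: authResult.idToken,
    expiresAt: nowMs + (authResult.expiresIn || 0) * 1000,
  };
  storage.setItem(STORAGE_KEY, JSON.stringify(session));
  return session;
}

// Read the stored session; corrupt or absent data is treated as no session.
function loadSession(storage) {
  const raw = storage.getItem(STORAGE_KEY);
  if (!raw) return null;
  try {
    return JSON.parse(raw);
  } catch (e) {
    return null;
  }
}

// A stored token is usable only while its expiry (minus a skew allowance,
// so a token about to expire is renewed early) is still in the future.
function isSessionValid(session, nowMs = Date.now(), skewMs = 60 * 1000) {
  return !!session && typeof session.expiresAt === 'number'
    && session.expiresAt - skewMs > nowMs;
}

// Hand back a usable access token: the cached one while valid, otherwise a
// fresh one from checkSession(), which is persisted before use.
// done(err, accessToken, renewed)
function getAccessToken(lock, storage, nowMs, done) {
  const cached = loadSession(storage);
  if (isSessionValid(cached, nowMs)) {
    done(null, cached.accessToken, false);
    return;
  }
  // Arrow function: `this` and closure variables stay intact inside Lock's callback.
  lock.checkSession({}, (err, authResult) => {
    if (err || !authResult) {
      done(err || new Error('checkSession returned no session'));
      return;
    }
    done(null, saveSession(storage, authResult, nowMs).accessToken, true);
  });
}

// Minimal stand-in for window.localStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}

// Constructed stand-in for an Auth0 Lock instance: every checkSession() call
// "renews" with a fresh constructed token valid for two hours.
function fakeLock() {
  let renewals = 0;
  return {
    checkSession(options, cb) {
      renewals += 1;
      cb(null, {
        accessToken: 'constructed-access-' + renewals,
        idToken: 'constructed-id-' + renewals,
        expiresIn: 7200,
      });
    },
    renewals: () => renewals,
  };
}

// Usage: first call renews, a call an hour later reuses the stored token,
// a call after two hours renews again.
const demoStorage = memoryStorage();
const demoLock = fakeLock();
getAccessToken(demoLock, demoStorage, Date.now(), (err, token, renewed) => {
  if (!err) console.log(token, renewed ? '(renewed)' : '(cached)');
});
```

In the browser, `memoryStorage()` would be replaced by `window.localStorage` and `fakeLock()` by the real Lock instance; nothing else changes. Keeping the expiry alongside the tokens is what lets the client decide to call checkSession() before a request rather than after the 401 comes back.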