getAccessTokenSilently doesn't call api when id_token is expired

Hey, I downloaded spa react sample application. In Management of SPA application, I set expiration of ID Token to 5 seconds (only to demonstrate my problem).

image2000×304 18.9 KB

const tokens = await getAccessTokenSilently({detailedResponse: true}),

I will get both access_token and id_token. Access token has expiration 86400 and id token 5s. After 5s, I call this function again, but values are taken from cache (apparantely because access_token is not expired yet?). If I use

const tokens = await getAccessTokenSilently({detailedResponse: true, cacheMode: "off"}),

I get new valid id token, but that is not really what I would want to use in production application, as I want to use cache.

Btw I am using refresh tokens, but that shouldnt matter.

Thanks for any help.

Hey there @dominikjasek!

This is a bit tricky, but expected behavior - The call is not necessarily concerned with the ID token expiration. Essentially, because the ID token is only designed to be used on the client side it can more or less be discarded once the users information has been gathered from it. It just proves successful authentication but not authorization (this is the access token). The ID token is irrelevant to the session established at the authorization server (in this case Auth0) which is checked when getAccessTokenSilently is called. So as you’ve noticed the ID token may be renewed, but not necessarily.

Hope this helps a bit!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.