I’m using the react sdk. All the configuration works fine.
Every time the user logs in I use the getAccessTokenSilently() to get a token so I can call my backend.
The thing is, if the user keeps refreshing the page the getAccessTokenSilently returns a new token (I guess it makes sense because I’m using the in memory storage).
Is there a way to prevent this without using the local storage ?
If I refresh I don’t have to login again, the session is still there so why is the getAccessTokenSilently returning a new token?
I don’t know if I’m missing something but it seems odd. I can solve this by configuring cookies myself but if my session is still up the getAccessTokenSilently could return the same token.
Welcome to the Auth0 Community and sorry for the later response.
Indeed, by default the Auth0 React SDK sets the cache location to in-memory, so the session does not persist after page refreshes. As you have mentioned above, this can be changed to localstorage, so that should solve it.
The most probable cause of this issue would probably be driven by third-party cookies, as mentioned in our Knowledge Article.
One way to see if the problem resides here would be checking if the problem only occurs in some browsers (such as Safari) but not others (such as Chrome).
Silent authentication requires third-party cookies supplied by Auth0, so if the browser is blocking them, the SDK will not be able to set those cookies in the first place.