Hi
Quick question: I’m trying to integrate Auth0 into my SPA (React/Redux) with embedded login and I’ve been reading the documentation. In regards to access token expiration, it states:
Read the expires_in response parameter returned by Auth0.
Ignore expiration dates altogether. Instead, renew the Access Token if your API rejects a request from the application (such as with a 401).
If I do the latter, can I not use getSession() then? Also, if I wanted to use the expires_in, do I just make a check every time I call an API to see if it’s almost expired?
I think you are talking about checkSession(). You can use checkSession() to get a new token. The flow would go like this: send the token to your custom API, the API returns a 401 expired token error, then you use checkSession() to silently renew the access token and make another call to the API.
P.S. a refresh token is a whole different type of token. You are talking about renewing an access token.
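The 401-then-renew flow described in the reply above, as an added example that is not part of the original posts or Auth0's own code. `createApiClient`, `fetchImpl` and `setToken` are hypothetical names, and `webAuth` is assumed to be an auth0.js `WebAuth` instance; sharing one renewal between parallel requests and retrying only once go beyond what the reply describes.

```javascript
// Added example. createApiClient, fetchImpl and setToken are hypothetical names;
// webAuth.checkSession(options, callback) is the auth0.js silent-renewal call.
function createApiClient({ webAuth, fetchImpl, audience, scope }) {
  let accessToken = null; // held in memory only, not written to localStorage
  let renewing = null;    // shared promise: parallel 401s trigger one renewal

  function renew() {
    if (!renewing) {
      renewing = new Promise((resolve, reject) => {
        webAuth.checkSession({ audience, scope }, (err, result) => {
          if (err) return reject(err); // e.g. err.error === 'login_required'
          accessToken = result.accessToken;
          resolve(accessToken);
        });
      }).finally(() => { renewing = null; });
    }
    return renewing;
  }

  async function call(url, options = {}) {
    const send = (token) => fetchImpl(url, {
      ...options,
      headers: { ...options.headers, Authorization: `Bearer ${token}` },
    });
    if (!accessToken) await renew();
    const sentWith = accessToken;
    let res = await send(sentWith);
    if (res.status === 401) {
      // Skip the renewal if another request already replaced the token.
      const token = accessToken !== sentWith ? accessToken : await renew();
      res = await send(token); // single retry; a second 401 goes to the caller
    }
    return res;
  }

  return { call, setToken: (t) => { accessToken = t; } };
}
```

When `checkSession` fails (for example because the SSO session has ended), `call` rejects with that error so the application can send the user back through an interactive login.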
Thank you so much for your reply, I just have a follow-up question:
If I plan on using embedded login, I have no choice but to use auth0.js, which doesn’t currently support PKCE? So I would also be forced to use the implicit grant flow?