Getting a refresh token after API returns 401

Quick question: I’m trying to integrate Auth0 into my SPA (React/Redux) with embedded login, and I’ve been reading the documentation. In regard to access token expiration, it states:

Read the expires_in response parameter returned by Auth0.
Ignore expiration dates altogether. Instead, renew the Access Token if your API rejects a request from the application (such as with a 401).

If I do the latter, can I not use getSession() then? Also, if I wanted to use the expires_in, do I just make a check every time I call an API to see if it’s almost expired?

Hi @jsherman10,

I think you are talking about checkSession(). You can use check session to get a new token. The flow would go like this: send token to your custom API, the API returns a 401 expired token error, then you use checkSession to silently renew the access token and make another call to the API.

P.S. a refresh token is a whole different type of token. You are talking about renewing an access token.
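
The 401-then-renew flow described in the reply above, as an added example that is not part of the original posts and is not Auth0's own code. `createAuthorizedFetch`, `renewWithCheckSession` and `tokenStore` are hypothetical names; `webAuth` is assumed to be an auth0.js `WebAuth` instance, whose `checkSession(options, callback)` is the only library call used.

```javascript
// Added example. All names except webAuth.checkSession() are hypothetical.

// Wrap auth0.js's callback-style webAuth.checkSession() in a Promise.
function renewWithCheckSession(webAuth, options) {
  return new Promise((resolve, reject) => {
    webAuth.checkSession(options, (err, authResult) => {
      if (err) return reject(err); // e.g. login_required: the user must log in again
      resolve(authResult.accessToken);
    });
  });
}

// Returns a fetch-like function that attaches the access token and, on a 401,
// renews the token once and retries the request once.
function createAuthorizedFetch({ fetchImpl, renew, tokenStore }) {
  let inFlight = null; // shared promise so concurrent 401s trigger a single renewal

  function renewOnce() {
    if (!inFlight) {
      inFlight = renew()
        .then((token) => { tokenStore.token = token; return token; })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  function send(url, init, token) {
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${token}` };
    return fetchImpl(url, { ...init, headers });
  }

  return async function authorizedFetch(url, init = {}) {
    const sentWith = tokenStore.token;
    const first = await send(url, init, sentWith);
    if (first.status !== 401) return first;
    // Another request may have renewed the token while this one was in flight.
    const token = tokenStore.token !== sentWith ? tokenStore.token : await renewOnce();
    // Retry exactly once; a second 401 goes back to the caller instead of looping.
    return send(url, init, token);
  };
}
```

If `checkSession` fails (for example because the Auth0 session itself has ended), the rejection reaches the caller, which is the point at which to send the user back through login.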


Thank you so much for your reply, I just have a follow-up question:

If I plan on using embedded login, I have no choice but to use auth0.js, which doesn’t currently support PKCE? So I would also be forced to use implicit grant flow?

Hi @jsherman10,

That is correct. We highly recommend using Universal login, but if you must use embedded, that would be the way to go.