I understand that the best practices are to use Auth0 Single Page App SDK and not store tokens in local storage. I am currently trying to understand how secure auth0-spa-js is but I can not find any information on the architecture for that library. Internally, how does auth0-spa-js store both access…

Yes, that applies in the same way for this grant type, if the client is a SPA. It’s also the grant type that the auth0-spa-js uses.

How does auth0-spa-js store tokens

Help

npatel September 12, 2019, 9:50am 6

did you set the audience correctly? that should enable JWT access_token instead of a string access token.
Can you also check what is getting sent in headers

1 Like

Auth0/auth0-spa-js Access token refresh?

Topic		Replies	Views
Storing Auth0 tokens in session storage instead of local storage Help id_token , access-token , auth0-spa-js	4	15508	May 24, 2021
auth0.getTokenSilently vs storing access token in localstorage Help auth0-spa-js , sdks-quickstarts	0	1482	June 22, 2023
Persisting Login Between Refreshes Help	12	25671	June 1, 2019
Store and retrieve Google Refresh token Help	8	14551	October 25, 2020
Saving refresh token in browser Help refresh-tokens , password-grant	6	3936	November 18, 2019

How does auth0-spa-js store tokens

Related Topics