How frequently should getAccessTokenSilently be called?

I’m using cookies to store the accessToken returned from getAccessTokenSilently. I do this in the AuthProvider component I have developed that envelops the app. Perhaps I don’t need to store it in the cookie and just call getAccessTokenSilently in the AuthProvider’s useEffect().

With my storing the accessToken in the cookie, I’m worried that (putting aside all the security implications for the moment) when the accessToken expires, the only way to discover this event is when one of the API calls fails. And that happens in one of the child components of the AuthProvider that has called the API. In theory, I could signal this condition back to the AuthProvider and have it get a new access token.

I think the React SDK documentation could be improved around this subject. At this point it feels like a black box to me.

I’m really hoping that someone from Auth0 support jumps in here and answers my original question. It would be awesome if they could also answer it in the context of using refreshTokens.

1 Like
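
The two ways of noticing expiry that the post weighs (reading the token's own expiry ahead of time, and reacting to a failed API call), sketched as an added example that is not part of the original post and not Auth0 SDK code. All function names are hypothetical, `getToken(force)` stands in for getAccessTokenSilently with an assumed "bypass cache" flag, and the token and URL are constructed samples.

```javascript
// Read `exp` (seconds since epoch) from a JWT without verifying it.
// Client-side scheduling hint only; the API stays the authority on validity.
function tokenExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null; // opaque (non-JWT) token: expiry unknown
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const claims = JSON.parse(atob(b64));
    return typeof claims.exp === 'number' ? claims.exp : null;
  } catch (e) {
    return null; // malformed payload
  }
}

// True when the token is known to expire within skewSec of nowSec.
function isExpired(token, nowSec, skewSec = 60) {
  const exp = tokenExpiry(token);
  return exp !== null && exp - skewSec <= nowSec;
}

// Request a token per call and retry exactly once on 401.
// `force` is a hypothetical flag meaning "bypass any cached token".
async function callWithToken(getToken, doFetch, url) {
  const send = async (force) =>
    doFetch(url, { headers: { Authorization: `Bearer ${await getToken(force)}` } });
  const first = await send(false);
  return first.status === 401 ? send(true) : first;
}

// Constructed, unsigned sample token for the demo (not a real credential).
function makeSampleJwt(exp) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ typ: 'JWT' })}.${enc({ sub: 'demo', exp })}.sig`;
}

// Demo with in-memory stubs: the cached token is stale, the forced one is fresh.
async function demo() {
  const now = 1700000000;
  const stale = makeSampleJwt(now - 10), fresh = makeSampleJwt(now + 3600);
  const calls = [];
  const getToken = async (force) => (force ? fresh : stale);
  const doFetch = async (_url, init) => {
    const tok = init.headers.Authorization.slice('Bearer '.length);
    calls.push(tok);
    return { status: isExpired(tok, now, 0) ? 401 : 200 };
  };
  const res = await callWithToken(getToken, doFetch, 'https://api.example.test/items');
  return { status: res.status, attempts: calls.length };
}
```

With this shape the token is requested at the point of use, so nothing has to be copied into a cookie and no child component has to signal the provider.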