When we use useRefreshTokens with REACT, Auth0 SDK automatically fetches refresh token and use it to autologin when we refresh page. But where is refreshtoken stored and used automatically on reload?
There are two react apps using same auth0 tenant (useRefreshTokens is true). How to make it possible that if some user is logged in app1, gets automatically logged into app2?
Can app1 transfer refresh token to app2?
You should not transfer tokens between applications. The token is issued to a specific application and sharing it with another is not intended.
You can use SSO to maintain the session between applications. SSO is enabled by default and the user should not have to submit credentials if a session already exists for your tenant.
According to documentation, refresh token are stored in memory for safety. But we can change storage location to browser storage by specifying in Auth0Provider.