Hi
I have two questions:-
When we use useRefreshTokens with REACT, Auth0 SDK automatically fetches refresh token and use it to autologin when we refresh page. But where is refreshtoken stored and used automatically on reload?
There are two react apps using same auth0 tenant (useRefreshTokens is true). How to make it possible that if some user is logged in app1, gets automatically logged into app2?
Can app1 transfer refresh token to app2?
Thanks
Hi @ritiwari369,
Welcome to the Auth0 Community!
This blog explains how it works: Securing Single Page Applications with Refresh Token Rotation
You should not transfer tokens between applications. The token is issued to a specific application and sharing it with another is not intended.
You can use SSO to maintain the session between applications. SSO is enabled by default and the user should not have to submit credentials if a session already exists for your tenant.
Thanks @dan.woda 
According to documentation, refresh token are stored in memory for safety. But we can change storage location to browser storage by specifying in Auth0Provider.
<Auth0Provider
clientId={config.clientID}
domain={config.customDomain}
redirectUri={window.location.origin}
scope={config.scope}
useRefreshTokens
cacheLocation="localstorage"
>
{children}
</Auth0Provider>
That’s correct, thanks for providing the additional context.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.