How to renew access token after 2 hours

tridnguyen · October 6, 2020, 5:42am

This is a follow up of JWT expiration 2 hours regardless of ID Token Expiration setting

As I understand, the access token has a 2 hour expiration, while the ID token lasts much longer.

Once the access token expires, how can I renew it?

Can I renew it using the method webAuth.checkSession , or do I have to call webAuth.authorize() ? (https://auth0.com/docs/libraries/auth0js/v9)

Currently, I have a silent auth flow, and if the parseHash comes back with an error of login_required , I am calling webAuth.authorize() again without prompt: "none" . I am wondering, in the case of this error, that I should try doing webAuth.checkSession to renew the access token?

dan.woda · October 7, 2020, 10:42pm

Hi @tridnguyen,

If you are using Auth0.js, you can use the checkSession method to silently get a new token (silently = no user interaction).

Here is the doc of how to renew a token with check session:

https://auth0.com/docs/libraries/auth0js#using-checksession-to-acquire-new-tokens

You may want to consider upgrading from the older auth0.js sdk, to the newer auth0-spa-js sdk. The latter SDK makes it possible to use refresh tokens with refresh token rotation.

system · October 22, 2020, 10:42pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.