Hello auth0 gurus,
I am trying to integrated my react app with auth0. and able to do that successfully thanks to this article: Auth0 React SDK Quickstarts: Login . However, I am not able to wrap my head around how to get the id token and refresh token post successful login. I checked the cookies, localstorage on my browser. nothing is seen. are there any documents that elaborate on this?
Also, how to get the nonce? I believe this is only available for access tokens.
The React SDK stores the tokens in app memory by default. You can instead use local storage by adding cacheLocation="localstorage" to your Auth0Provider component, but there are security considerations with that method which you can read about here:
The Refresh Token will be returned to your app if:
You API is configured to allow offline access: Register APIs
The Auth0Provider contains the offline_access scope: scope="offline_access"
The app is configured to allow refresh token rotation
The SDK will generate a nonce and send it with the oauth/authorize request when you call loginWithRedirect():