Hi @praskatti,
The React SDK stores the tokens in app memory by default. You can instead use local storage by adding cacheLocation="localstorage" to your Auth0Provider component, but there are security considerations with that method which you can read about here:
The Refresh Token will be returned to your app if:
- Your API is configured to allow offline access: Register APIs
- The Auth0Provider contains the offline_access scope: scope="offline_access"
- The app is configured to allow refresh token rotation
The SDK will generate a nonce and send it with the oauth/authorize request when you call loginWithRedirect():
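The nonce round trip described above, sketched as an added example; it is not part of the original post and not the SDK's own code. The endpoint URL, client ID, redirect URI and all function names are assumptions, and signature, issuer, audience and expiry validation of the ID token are left out to keep the focus on the nonce.

```javascript
// Added illustration of an OIDC nonce round trip (hypothetical helper names).
// Works in browsers; under older Node versions it falls back to node:crypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// 32 random bytes, hex encoded: unguessable and unique per login attempt.
function randomNonce(bytes = 32) {
  const buf = webCrypto.getRandomValues(new Uint8Array(bytes));
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Build the authorization request. The caller must keep `nonce` (in memory or
// session storage) until the callback has been processed, then discard it.
function buildAuthorizeRequest(authorizeEndpoint, clientId, redirectUri) {
  const nonce = randomNonce();
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid offline_access', // offline_access requests a refresh token
    nonce,
  }).toString();
  return { url: url.toString(), nonce };
}

// Decode the payload segment of a JWT (base64url JSON). No signature check here.
function decodePayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed ID token');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Accept the ID token only if it echoes the nonce sent with this login.
// A missing or different nonce indicates a replayed or injected token.
function nonceMatches(idToken, expectedNonce) {
  const { nonce } = decodePayload(idToken);
  return typeof nonce === 'string' && nonce.length > 0 && nonce === expectedNonce;
}
```
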