Hi all,
I am using auth0js@9.3.3 in an angular project and I am observing a (positive!) behaviour that I can’t find in the documentation.
After returning from the callback I invoke the parseHash method to retrieve my tokens. In the documentation (even in the full API docs) it is stated that the object returned contains {idToken, accessToken, expiresIn}. However, I am also obtaining the very convenient idTokenPayload property, along with many others like appState, refreshToken, scope, state, tokenType.
The token payload allows me to cache the user info directly without an additional call to auth0 API. My question is, why is every tutorial and documentation piece I see performing an additional call and ignoring this behaviour? As I cannot see any reference to such behaviour I fear that this could be on the road to deprecation or being not recommended…
I believe that the method parseHash is validating the IDToken with nonce and signature so I do not need to take further action. Also, if I am caching just both my tokens, do I need to cache user info and expiration time or can I just parse the info back from my IdToken after a refresh?
This is working great, I am just looking for advice or clarification from the pros!
Cheers!
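The following is an added example, not part of the original post and not auth0.js code: a sketch of rebuilding the cached profile and expiry from a stored ID token, as the question describes. The function names and the sample token are hypothetical and constructed here; decoding the payload does not verify the signature, so this assumes the token was already validated when it was first received.

```javascript
// Added example (not auth0.js code). Decoding is NOT validation: use it only on
// an ID token your app already validated at login and stored itself.

function base64UrlDecode(segment) {
  // JWT segments are base64url without padding; convert to plain base64.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  if (typeof Buffer !== 'undefined') return Buffer.from(padded, 'base64').toString('utf8');
  // Browser path: atob yields a binary string, so re-decode it as UTF-8.
  const bytes = Uint8Array.from(atob(padded), c => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Hypothetical helper: rebuild profile and expiry from a cached ID token.
function sessionFromIdToken(idToken, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  let claims;
  try {
    claims = JSON.parse(base64UrlDecode(parts[1]));
  } catch (e) {
    throw new Error('payload is not valid JSON');
  }
  // exp is seconds since the epoch; without it the cache entry cannot be aged.
  if (typeof claims.exp !== 'number') throw new Error('missing exp claim');
  const secondsLeft = claims.exp - nowSeconds;
  return { profile: claims, expiresAt: claims.exp, secondsLeft, expired: secondsLeft <= 0 };
}

// Constructed sample token: made-up claims and a placeholder signature.
function makeSampleToken(claims) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
```

The `exp` claim is the ID token's own expiry; `expiresIn` in the parsed hash is the OAuth 2.0 access-token lifetime, so the two values can differ and should be tracked separately.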