Let's say I have a React Native mobile application and a React Web SPA. If I were to log in to Auth0 through the React Native mobile application's universal login, the Web browser would also have the session thanks to the out of the box SSO and would log me in instantly without me having to input my username and password.
Now I am wondering what would happen to the web browser session if I were to go back to my mobile application and call getCredentials() with forceRefresh set to true, which in turn would refresh the credentials. Will the new credentials somehow automatically transition to the web browser session, or do I have to take some extra steps in order to achieve that?
According to the docs, the CredentialsManager | react-native-auth0 uses a refresh token to renew the access token. This wouldn’t have an impact on the browser session.
If you want to refresh the tokens in your React SPA, you would need to initiate the request in that application.
Hope this helps!
Hi @dan.woda ,
First of all, I’d like to thank you for your response!
Let's say my access token has a 30 minute expiration time - If I were to log in to my React Native application through the universal login flow, I'd also be able to log in to my React SPA without having to input my credentials again thanks to the SSO for 30 minutes, correct?
What would happen if I attempt to authenticate to Auth0 on the React SPA after 1 hour? You mentioned that renewing the session on the React Native side would not impact the browser session, so does that mean the SSO won’t work anymore and I’d be prompted for credentials again?
No problem, happy to help!
The token expirations and session lifetimes are different. For example, you could have a 3 day session lifetime, and a 5 minute access token lifetime.
The sessions are dictated by the settings in the link above, and aren’t beholden to the token lifetimes.
If the session lifetime was long enough, you would receive a new token.
I said renewing the access token with a refresh token won’t impact the browser’s session cookie with the Auth0 server.
Does that make sense?
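The distinction drawn in this thread, as an added example that is not part of any post and is not Auth0 code: a simplified model of an authorization server in which the browser session and the access token expire independently, using the 3-day session and 5-minute token from the reply above. The function names (`createServer`, `silentAuth`, `runScenario`) are hypothetical, and the session is modelled with a single fixed lifetime as an assumption.

```javascript
// Simplified model (constructed for illustration, not Auth0's implementation).
// Times are in minutes; names such as createServer/silentAuth are hypothetical.
const SESSION_LIFETIME = 3 * 24 * 60; // 3-day session, as in the reply above
const TOKEN_LIFETIME = 5;             // 5-minute access token

function createServer() {
  const sessions = new Map();      // session cookie id -> { expiresAt }
  const refreshTokens = new Set(); // refresh tokens the server has issued
  let counter = 0;

  const issueToken = (now) => ({ id: `at-${++counter}`, expiresAt: now + TOKEN_LIFETIME });

  return {
    // Interactive login through the browser: sets the session cookie and issues tokens.
    login(now) {
      const cookie = `sid-${++counter}`;
      const refreshToken = `rt-${++counter}`;
      sessions.set(cookie, { expiresAt: now + SESSION_LIFETIME });
      refreshTokens.add(refreshToken);
      return { cookie, refreshToken, accessToken: issueToken(now) };
    },
    // Refresh-token grant (what the mobile app's forced refresh uses): no cookie
    // is sent and the session record is never read or written.
    refresh(refreshToken, now) {
      if (!refreshTokens.has(refreshToken)) throw new Error('invalid_grant');
      return issueToken(now);
    },
    // Request started by the SPA in the browser: the outcome depends only on the session cookie.
    silentAuth(cookie, now) {
      const session = sessions.get(cookie);
      if (!session || now >= session.expiresAt) return { error: 'login_required' };
      return { accessToken: issueToken(now) };
    },
    sessionExpiry: (cookie) => sessions.get(cookie).expiresAt,
  };
}

function runScenario() {
  const server = createServer();
  const mobile = server.login(0);                            // login via universal login
  const before = server.sessionExpiry(mobile.cookie);
  const refreshed = server.refresh(mobile.refreshToken, 30); // forced refresh on mobile
  return {
    sessionUnchanged: server.sessionExpiry(mobile.cookie) === before,
    newMobileToken: refreshed.id !== mobile.accessToken.id,
    spaAfterOneHour: server.silentAuth(mobile.cookie, 60),           // token expired, session alive
    spaAfterFourDays: server.silentAuth(mobile.cookie, 4 * 24 * 60), // session expired
  };
}
```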