Hello,
I’ve followed this tutorial: https://auth0.com/docs/quickstart/spa/react/05-token-renewal but have been unable to keep users logged in indefinitely. I’ve set the “Token Expiration” to 864000 (as I understand it, this is the maximum amount of time… please correct me if I’m wrong). I’m not sure how this relates to the ‘expires_at’ parameter that is set in local storage. Do I need to increase the number in this line: let expiresAt = JSON.stringify((authResult.expiresIn * 1000) + new Date().getTime());
?
Any help is greatly appreciated! Thanks!
When you say “keep users logged in”, what do you mean? Are you talking about your app or Auth0’s session?
Hi. I mean in the app. Currently a user has to re-login to the app every day.
Ok, but you control your app’s session, right? How are you expiring your user’s sessions?
Yeah, if you access the app after the token is expired, then you’ll have to authenticate again. You can also call renewToken
yourself if you want to get a new token (if one is available from the server)
How do I make the token not expire for a very long time? Do I increase the 1000 in let expiresAt = JSON.stringify((authResult.expiresIn * 1000) + new Date().getTime());
? Or do I change the “Token Expiration” in the api?
Change the token expiration in the API. The code you mentioned uses whatever expires_in
is returned from auth0’s server. A super long access token is not recommended or secure, though. Ideally, you should call renewToken
when your app loads and get a new token (if available) from the authorization server. This way, you can revoke tokens/users and they’ll lose access to your app on the next renewal.
Thanks for your help Luis. I thought the code i mentioned does what you are saying – but it doesn’t seem to because users have to keep logging in every day. Is there something else I need to add?
And if not, what is the longest the token expiration can be set to?
You can call renewToken when your app starts. This will renew the token if possible (unless the server session has expired).
I don’t what’s the maximum amount of time you can set
Hi Luis,
The code calls this.scheduleRenewal();
in the constructor, which does this scheduleRenewal() { const expiresAt = JSON.parse(localStorage.getItem('expires_at')); const delay = expiresAt - Date.now(); if (delay > 0) { this.tokenRenewalTimeout = setTimeout(() => { this.renewToken(); }, delay); } }
Am I missing anything? Here is a gist of my code: auth actual usage · GitHub
Thanks again,
Jon
Yes, but the sample code won’t try to renew the token if it is already expired, which is probably what you’re facing. My suggestion is just call renewToken
when the app starts and this should reduce the amount of times users get asked to login again.
Thanks Luis.
So you suggest putting this.renewToken = this.renewToken.bind(this);
into the Auth.js constructor, and then calling this.props.auth.renewToken();
right when a user visits the site?