Even if your access_token has expired, that doesn’t mean your session has expired. If you call webauth.checkSession, it will get you new tokens, as long as the session in Auth0’s servers haven’t expired. So, if you know that the access_token has expired, call webauth.checkSession to get a new one. If it returns login_required, that means that the session has expired, so the user will have to login again. More info: Auth0.js v9 Reference