Login Credentials not persisted by Auth0, Vuejs Implicit Login

Hello All,

Please suggest a clean approach to persist user login data, e.g. access token, id_token.

Every time there is a page refresh, Auth0 loses transaction data, not sure why.

Login Procedure:-

  1. User logs in to uat.domain.com -> Auth0 redirects to universal login page -> callback to uat.domain.com
  2. Then we store the JWT token data in local storage in encrypted format.
  3. From domain code user can navigate to App Code 1 or App Code 2.
  4. JWT token data is shared among all apps because their domain is common.
  5. Problem arises when I try to renew user token data as, because of a business requirement, the id_token expires in 1 hour (security issues), and we have logic which must refresh data every 1 hour of active user participation.

Please suggest a possible way to get a new token without refreshing the page.

Thanks

Hey @anand.maurya - welcome to the Auth0 Community!

Have you considered the use of Refresh Tokens? You can find more information about them here: https://auth0.com/docs/tokens/refresh-tokens

Hey there, thanks for writing.

Even after using a refresh token, the new access token and refresh token are received in a callback redirect URL.

This doesn’t fit the business requirement.

The requirement is to fetch token data without any callback URL redirection that can potentially refresh the web page.

We are looking for a solution where the system takes care of refreshing the token if the user is actively participating on the web page.

Hello, @anand.maurya,

The Refresh operation can be performed server-side, if you implement code like that available in our documentation: https://auth0.com/docs/tokens/refresh-tokens/use-refresh-tokens

If you are looking for a full solution already built for this, Auth0 does not provide that - we provide you with the infrastructure and the tooling so that you can use it. This will, yes, require work on your application and server in order to implement. What I am recommending here is:

  1. Your application detects the kind of usage that you mention
  2. Your application makes a call to your server in order to refresh the token
  3. Your server refreshes the token and passes the new access token and refresh token to your application
  4. From that point on, your application consumes the new access token

Also, to provide clarity, just wanted to make sure you knew that Refresh Tokens should only be stored and exchanged in a secure environment. This means that this should be a server-side operation, rather than a client-side operation with a callback and a redirect. This would be considered insecure, as the browser is in the middle.

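The server-side refresh described in the answer above, as an added Node.js example (not code from the thread or from Auth0). It uses the `refresh_token` grant on Auth0's `/oauth/token` endpoint and, following the answer's last paragraph, keeps the refresh token in the server-side session instead of returning it to the browser. The `cfg` fields, the session object shape and the `/api/refresh` route are assumptions.

```javascript
// Added example: server-side token refresh, no browser redirect involved.
// cfg = { domain, clientId, clientSecret } and the session shape are assumptions.

// Build the refresh_token grant request (sent server to server).
function buildRefreshRequest(cfg, refreshToken) {
  return {
    url: `https://${cfg.domain}/oauth/token`,
    options: {
      method: 'POST',
      headers: { 'content-type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        grant_type: 'refresh_token',
        client_id: cfg.clientId,
        client_secret: cfg.clientSecret, // never shipped to the browser
        refresh_token: refreshToken,
      }).toString(),
    },
  };
}

// Update the server-side session and return only what the browser needs.
function applyTokenResponse(session, body, now = Date.now()) {
  // With refresh token rotation the response carries a replacement token.
  if (body.refresh_token) session.refreshToken = body.refresh_token;
  session.accessToken = body.access_token;
  session.expiresAt = now + body.expires_in * 1000;
  return { access_token: body.access_token, id_token: body.id_token, expires_at: session.expiresAt };
}

// Called by the (hypothetical) POST /api/refresh route when the SPA reports activity.
async function refreshSession(cfg, session, httpFetch = fetch) {
  if (!session || !session.refreshToken) {
    return { status: 401, body: { error: 'login_required' } };
  }
  const { url, options } = buildRefreshRequest(cfg, session.refreshToken);
  const res = await httpFetch(url, options);
  if (!res.ok) {
    // Token revoked or expired: drop it so the user goes through login again.
    delete session.refreshToken;
    return { status: 401, body: { error: 'login_required' } };
  }
  return { status: 200, body: applyTokenResponse(session, await res.json()) };
}
```

The Vue app would call the route on user activity shortly before `expires_at` and swap in the returned access token, so the page never reloads.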

Thanks a lot for your help. 🙂


We are here for you!
