M2M Token renewal

I am running a bot application that uses Auth0 authentication. I am seeking clarification on the best way to programmatically update the token if it has 5 days to expire

1 Like

Hey there!

Then I guess what you need to know is the concept of refresh tokens.

Here’s our step by step doc on what are those, how they work and how to implement it:

Hope it will help!

@konrad.sopala is there a way to check validity of an Access Token?

Yep! Here’s more on that:

I need to check how much time it has before expiring

Refer to exp claim that the JWT payload contains.

The exp is always pointing to 24 hours from now. Which is not the actual expiry for the Access Token

I need to know the time remaining in the Access Token and not the ID token or the token for browser flows. Checking the expiry of the token on http://www.jwt.io always returns 24 hours. However, the Access Token for the API should be longer than that. How can I check the expiring date?

I’m merging this one as we don’t want to duplicate topics so that other potentially interested might really easily find answers for what they’re looking. Let’s keep the conversation in this topic.

1 Like

@konrad.sopala Check my previous concern

2 Likes

@konrad.sopala How should an access token be validated?
Should the client check the exp field before sending requests or should the client send the request and if they get a 401 they have to issue a new access token? What is the recommended way?

1 Like