Auth0 Home Blog Docs

Mobile App Save Token Flow Question

Hi there, firstly – I’m new to community so I apologize if I put this in the wrong spot.

I’m building a react native app that will interact with APIs that I also write/manage. I have found Auth0 documentation for implementing this flow, but one thing I’m not sure on is where/when to save the tokens. I want to be sure I nail this step, because I feel like it has the potential to reduce the safety of the flow by a great deal if I don’t do it correctly.

Here is the flow as I understand it (no error handling, only happy-path for sake of brevity):

  • A user enters the app for the first time, or is not already logged in
  • They log in using the Auth0 web-login-thingy
  • I receive a token
  • I can use the token to authenticate with my API

Do I store that token? I don’t want my users to have to log in every time they use the app. If I do store the token, where do I store it?

If I’m not storing it, what do I do? Do I ping an authentication/authorization endpoint with Auth0 every time they open the app and get a new token?

I’m a little lost here, so any help is good help.