Hi there, firstly – I’m new to the community, so I apologize if I put this in the wrong spot.
I’m building a React Native app that will interact with APIs that I also write/manage. I have found Auth0 documentation for implementing this flow, but one thing I’m not sure on is where/when to save the tokens. I want to be sure I nail this step, because I feel like it has the potential to reduce the safety of the flow by a great deal if I don’t do it correctly.
Here is the flow as I understand it (no error handling, only happy-path for the sake of brevity):
- A user enters the app for the first time, or is not already logged in
- They log in using the Auth0 web-login-thingy
- I receive a token
- I can use the token to authenticate with my API
Do I store that token? I don’t want my users to have to log in every time they use the app. If I do store the token, where do I store it?
If I’m not storing it, what do I do? Do I ping an authentication/authorization endpoint with Auth0 every time they open the app and get a new token?
I’m a little lost here, so any help is good help.