I’m using Auth0 for the first time and am trying to get a grasp for the general auth flow I should be following for my mobile application. I’ve been having trouble setting up Passwordless Embedded Login using the React Native SDK, so I’m now using the Authentication API (i.e.
I am able to send an SMS code to my device, verify the code, and produce an access token and refresh token and I am storing using the React Native Secure Key Store package. I’m not sure what to do from here. Should I be hitting
/oauth/token everytime the app launches to get a new access token with my refresh token? How do I know if my access token is expired? I have an internal API I’m wanting to pass access tokens to, but I’m not sure how to know when the stored access token needs refreshed or not.
Any input on what the general flow should look would be appreciated!