SPA refresh token without a ContextProvider

ratoui · October 10, 2019, 9:58pm

I am using the Auth SPA SDK in a React SPA and I understand that I should not use a refresh token and only use the in-memory copy of the token. The docs mention that the SDK handles session management and other details. Where can I find out more about these details?

The SDK offers the “getTokenSilently” method to automatically refresh the token after it expires. I am not using the Auth0Context.Provider to wrap my app, but rather the vanilla JS version where I instantiate the auth0 client directly since my entire app needs to be behind the login flow. Given that I don’t render my app unless the user is properly authenticated, how can I check that the token expired?

naingaungphyo · October 16, 2019, 6:42am

Where can I find out more about these details?

Did you read this QuickStart guide?
https://auth0.com/docs/quickstart/spa/react

I don’t know much about react because I use Angular. Please take a look at Angular guide too because underlying methods is the same. Angular guide is well-explained about Auth0Client methods imo.

Please check the end of this session.
https://auth0.com/docs/quickstart/spa/angular2/01-login#add-an-authentication-service

If you wanna know more, how about checking github source.

github.com

auth0/auth0-spa-js/blob/main/src/Auth0Client.ts

import Lock from 'browser-tabs-lock';

import {
  createQueryParams,
  runPopup,
  parseAuthenticationResult,
  encode,
  createRandomString,
  runIframe,
  sha256,
  bufferToBase64UrlEncoded,
  validateCrypto,
  openPopup,
  getDomain,
  getTokenIssuer,
  parseNumber
} from './utils';

import { oauthToken } from './api';

This file has been truncated. show original