I’m using Auth0’s PHP SDK to add social sign in to my website.
The quick start guide is helpful but it doesn’t mention refresh tokens at all.
As per the guide, I am using $auth0->getCredentials() !== null to verify that the user is logged in before they can access any protected areas of the site.
At some point, I assume the user’s session (token?) will expire. What happens when this occurs? Will null or will some kind of error be thrown?
When this happens, how should it be handled? Can the SDK automatically refresh the token without interaction from the user, or must the user log in again themselves?
How can I test the above? Is there a way to force a token to expire so it needs to be refreshed, or can I change the token expiry timeout to be very short (e.g. 1 minute) for testing purposes?