I’m using Auth0’s PHP SDK to add social sign in to my website.
The quick start guide is helpful but it doesn’t mention refresh tokens at all.
As per the guide, I am using `$auth0->getCredentials() !== null` to verify that the user is logged in before they can access any protected areas of the site.
Some questions:
- At some point, I assume the user’s session (token?) will expire. What happens when this occurs? Will `$auth0->getCredentials()` simply return `null` or will some kind of error be thrown?
- When this happens, how should it be handled? Can the SDK automatically refresh the token without interaction from the user, or must the user log in again themselves?
- How can I test the above? Is there a way to force a token to expire so it needs to be refreshed, or can I change the token expiry timeout to be very short (e.g. 1 minute) for testing purposes?