For a simple website application which is using Auth0 only for user authentication (email/pass), is token refresh required? For the application, are there negative consequences from token timeout?
Thank you.
Hello , I read your question i just tell my review on that it is jus my opinion on this so it is your choice how you take this :
Auth0 gives tokens, including the entrance token and revive token, to oversee client validation and admittance to safeguarded assets. The entrance token is regularly brief and makes some lapse memories (known as the token break). At the point when the entrance token terminates, the client needs to demand another symbolic utilizing the invigorate token.
If
Nonetheless, remember the accompanying contemplations:
Client Experience: Not executing token revive implies clients should sign in again after the entrance token lapses. This could be baffling for clients and result in a less smooth client experience.
Security and Responsiveness: In the event that your application handles touchy information or requires longer client meetings, token revive turns out to be more significant. It forestalls the requirement for clients to reemerge accreditations much of the time, which can prompt security takes a chance with like secret phrase Myjdfaccount weariness or feeble passwords.
Programming interface Solicitations: On the off chance that your site application associates with APIs for the benefit of the client, Programming interface solicitations will flop once the entrance token terminates. Executing token revive guarantees a consistent encounter for the client without break in Programming interface usefulness.
In outline, whether to execute token revive in your Auth0-put together application depends with respect to the particular prerequisites of your application and its awareness. For applications dealing with delicate information or requiring longer client meetings, token invigorate is prescribed to give a superior client experience and keep up with security. For non-basic applications, you might decide not to carry out token revive, but rather know about the compromises in client experience and security.
I hope you like my answer.
Thank You.
[ Tanya C. Mayweather ]