When does getAccessTokenSilently refresh the access token?

  • Which SDK this is regarding: @auth0/auth0-react
  • SDK Version: 1.10.2
  • Platform Version: How can I check what version I’m on?

I’m using getAccessTokenSilently in a Provider to refresh access tokens in my application, and am trying to figure out how often I need to call it to ensure the access token is refreshed as soon as possible. The documentation says that getAccessTokenSilently only makes a request to Auth0 when the access token is invalid, but after some manual testing it seems to make the request before the access token becomes invalid.

I did the following tests:

  • Set the access token expiration to 2 minutes & called getAccessTokenSilently every minute. I received a new access token on every call to getAccessTokenSilently.
  • Set the access token expiration to 20 minutes & called getAccessTokenSilently every minute. I received a new access token after 19:05 minutes.
  • Set the access token expiration to 30 minutes & called getAccessTokenSilently every minute. I received a new access token after 29:07 minutes.

It seems like if I call getAccessTokenSilently ~1 minute before the token expires it will refresh the token. Is that something I can count on & is it documented somewhere I missed?

I saw this similar post but the responses didn’t answer my question. Thanks, and let me know if there’s any useful info I can add!

1 Like

Hey @eywolfe! The auth0-react SDK is built on top of the auth0-spa-js SDK. The latter would renew the tokens if the time is within the last 60 seconds of expiry: https://github.com/auth0/auth0-spa-js/blob/4c0c755c51781ed8da7cd43b0f33da1c9166b963/src/Auth0Client.ts#L1165

As you can see in the above code, the behavior is not customizable. You can rely on the behavior with a specific SDK version, but there’s no guarantee it will stay the same in all future updates.

3 Likes

Thanks for the response, that completely answers my question!

2 Likes