Auth0 Home Blog Docs

When to acquire new id tokens when integrating with Cognito?

id_token
refresh-tokens

#1

I’m using Auth0.js to authenticate users on Cognito.
So, I have 2 authentications that can expire: Auth0 and Cognito.
Is there a recommended way of managing the expiration?
Should I wait for one of them to expire, and then call checkSession() to get a new id token and refresh that token on Cognito?
Or should every time there’s a request get a new Auth0 token?


#2

In the Refresh Token doc, in the Use a Refresh Token section it states:

You should only ask for a new token if the Access Token has expired or you want to refresh the claims contained in the ID Token. For example, it’s a bad practice to call the endpoint to get a new Access Token every time you call an API. There are rate limits in Auth0 that will throttle the amount of requests to this endpoint that can be executed using the same token from the same IP.

That should give you the guidance you need