Nicole Staline

Reputation: 671

How often to refresh Access Tokens in Auth0 when making requests

I'm setting up my API to expect a valid token from Auth0 on each request. I'm using auth0-js and am confused about how to use checkSession(), which is listed here: https://auth0.com/docs/libraries/auth0js

  const authLink = setContext(async () => {
    let token;
    try {
      await auth.checkSession();
      auth.isAuthenticated
      token = auth.getAccessToken();
    } catch (e: any) {
      if (e.error !== "login_required" && e.error !== "consent_required") {
        console.log(e);
      }
    }
    return {
      headers: {
        "Content-Type": "application/json",
        Authorization: token ? `Bearer ${token}` : "",
      },
    };
  });

I'm currently running checkSession() on every request, which makes a call out to Auth0's authorization server and ensures the token being sent with the request is valid and up to date.

This seems like overkill though and slows down requests pretty significantly. I would think that I could store the access token and only refresh it when it either wasn't set or has expired. Are there any issues with this? Most references I find using this library always seem to call checkSession before sending a request.

Upvotes: 0

Views: 237

Answers (1)

tyf

Reputation: 11

It's encouraged to store tokens and only renew when necessary. This is generally referred to as silent auth. Auth0 SPA SDKs, for example, take care of this for you with refresh tokens for the most part.

Upvotes: 0
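An added example (not code from the question, the answer, or Auth0) of the approach the answer describes: keep the access token in memory, renew it only when it is missing or close to expiry, and share one renewal between concurrent requests. `createTokenCache`, `renew`, `skewMs` and `clear` are hypothetical names; `renew` is assumed to be a wrapper around `checkSession()` that resolves to `{ accessToken, expiresIn }` with `expiresIn` in seconds.

```javascript
// Added example: in-memory access-token cache with renew-on-expiry.
// `renew` is a hypothetical async wrapper (for instance around checkSession())
// that resolves to { accessToken, expiresIn } where expiresIn is in seconds.
function createTokenCache(renew, { skewMs = 60_000, now = Date.now } = {}) {
  let token = null;    // kept in memory only, never written to localStorage
  let expiresAt = 0;   // absolute expiry time in ms since the epoch
  let inFlight = null; // shared promise so parallel requests trigger one renewal

  async function getToken() {
    // Reuse the cached token while it is valid for longer than the skew window.
    if (token && now() < expiresAt - skewMs) return token;
    if (!inFlight) {
      inFlight = renew()
        .then(({ accessToken, expiresIn }) => {
          token = accessToken;
          expiresAt = now() + expiresIn * 1000;
          return token;
        })
        .catch((err) => {
          // Renewal failed (e.g. login_required): drop the stale token
          // instead of continuing to send it.
          token = null;
          expiresAt = 0;
          throw err;
        })
        .finally(() => {
          inFlight = null;
        });
    }
    return inFlight;
  }

  // Call on logout, or when the API answers 401 (token revoked server-side).
  function clear() {
    token = null;
    expiresAt = 0;
  }

  return { getToken, clear };
}
```

Inside `setContext`, `await cache.getToken()` would take the place of the per-request `checkSession()` call. The API still has to validate the token (signature, expiry, audience) on every request; the cache only removes the round trip to the authorization server.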
