#token stuff
grand furnace
you basically send a token AND refresh token with the initial auth.
if the auth token gets destroyed or invalidated from the server (e.g. logout on other device),
you can fetch the auth -> check if valid -> if not send auth with refresh token.
this refresh token will act like a valid login and provides a new auth for the user (authToken and NEW refreshToken)
if you want to completely disconnect the auth. you just kill the refresh token in the db aswell
this way you can manage multiple devices if they all logged in with an active session of the user
charred marlin
@grand furnace I only use auth0 in nexxtjs frontend
I don`t use any db for this auth0
grand furnace
well sorry, xD misread oauth !== auth0
charred marlin
In order to get token expiration, I sent request and got response , 401 error , in this case, I got refresh token
how to get easily token expiration?
it is auth0
charred marlin
so if I use refresh token, then it is not expired?
or should I use refresh token when access token is expired?
grand furnace
401 == 'Not authorized'?
charred marlin
Yes
grand furnace
if you request a page when you where logged in, you get a 401, that means your access has expired
if that happens
so you basically wrap your calls in
request.then(code => if (code == 401) return new refreshRequest().then(originalRequest.then(return response))).then(return response)
charred marlin
I have multiple pages and I only use frontend with nexdtjs
<Auth0Provider
domain={"https://gatekeeper.staging.rondayapp.com"}
clientId={"yiThk13p87t9EipRLvNCy0IxpJAA0EhU"}
redirectUri={"https://my.staging.rondayapp.com/verification"}
>
<Component {...pageProps} />
</Auth0Provider>
this is my _app.js
grand furnace
i never used auth0 and this convo gets to detailed for me, i have other stuff to do. The docs should provide what you need in 99% of the cases.
