Token revalidation #30
-
Is there a way to check for an expired token and refresh it? I'm using the Auth0 strategy. I expected tokens to be checked for expiration on each request and get a new one if necessary. Is this supported by remix-auth, or how would I implement it? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 5 replies
-
Token revalidation is out of the scope of Remix Auth and this strategy in particular. There are multiple ways you could support this:
There's probably more things you could do but I think those are the simplest ones. As a side note, remember you may not need the access token, you only need it if you plan to use the provider API as the authenticated user (e.g. use the user GitHub's access token to fetch private repos), if you only need to know who is the user with the profile object you got from the provider on the strategy callback you will have everything the provider knows about the user, after that you can find or create the user account on your own database and stop caring about the provider tokens. |
Beta Was this translation helpful? Give feedback.
Token revalidation is out of the scope of Remix Auth and this strategy in particular.
There are multiple ways you could support this:
authenticator.isAuthenticated
function to check for that, I wrote about this approach here https://sergiodxa.com/articles/working-with-refresh-tokens-in-remix.There's probably more things you could do but I think those are the simplest ones.
As a side note, remember you may not need the access token, you only need it if you plan to use the provider API as the …