Checking validity of tokens in isAuthenticated

[WJGoldsworthy]

I am using an implementation of remix-auth with an OktaStrategy. I was using the isAuthenticated function which was returning me the details of the user in the session along with the accessToken even though the access token was expired.
Is there or should there be any check during this that checks the validity/expiration of the token and session?

[sergiodxa]

isAuthenticated only checks if you have the user data on the sessionKey (user by default), what you store there is up to you so if you do store something with an expiration data you need to manually check if it's expired.

Another option could be to use the expiration data of the access token as the expiration of the session cookie, but if you have a refresh token this means you will lose the refresh token, so you probably want to keep the cookie around and verify the validity of the access token yourself.

[gitChristian]

For option 2 where we set the cookie expiry the same as the auth0 jwt: where do you suggest we do this?

Trying to do it after authenticator.authenticate doesnt work because it doesnt seem to return when you set the redirects.

const session = authenticator.authenticate("auth0", request, {
    successRedirect: "/dashboard",
    failureRedirect: "/login",
  });
console.log("never gets here");

Trying to figure out how I can

headers: { "Set-Cookie": await commitSession(session) }

[gitChristian]

Oh actually maybe like this:
#172 (comment)