Clarification: Do I have to call user.jwt() before every back-end call

[willdkp]

I am passing the a JWT token to a lamda function on netlify. Currently I am calling auth.currentUser().jwt() before each fetch to the lamda function endpoint. Is it possible to call .jwt() once after a user logs in and cache it somewhere in my react app? Or is it needed to do this just-in-time of when I am going to use it.

Will the token expire or go stale? If so when?

[luukdv]

In my experience, it will go stale without explicitly calling jwt() each time.

[erezrokah]

In my experience, it will go stale without explicitly calling jwt() each time.

This ⬆️

But the jwt method will only refresh the token when needed, otherwise it returns the current one:

gotrue-js/src/user.js

Line 69 in 36dc2a9

if (forceRefresh || expires_at - ExpiryMargin < Date.now()) {

However, Netlify functions has an identity context (with an elevated permissions token) set for them so you might not need to send the token at all. See example:
https://github.com/netlify/gotrue-js#get-a-user

[SteveALee]

However, Netlify functions has an identity context (with an elevated permissions token) set for them so you might not need to send the token at all. See example:
https://github.com/netlify/gotrue-js#get-a-user

This is critical information and needs documenting for securing Functions in a production context

[jon-sully]

Posting this for others who may come here; this extensive discussion on Netlify Community should answer plenty of questions around using Netlify Identity with Netlify Functions and joining the two