From 5e86185dadc2fab4dd69330f9a12d3e3c0861a8f Mon Sep 17 00:00:00 2001
From: Rene Cunningham <rene.cunningham@auth0.com>
Date: Thu, 25 Feb 2021 10:04:27 +1100
Subject: [PATCH] CLI-34: Attempt to validate access token when checking if the
 user is logged in.

---
 internal/cli/cli.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/internal/cli/cli.go b/internal/cli/cli.go
index 157a67d32..05ce8b15f 100644
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -15,6 +15,7 @@ import (
 	"github.com/auth0/auth0-cli/internal/ansi"
 	"github.com/auth0/auth0-cli/internal/auth0"
 	"github.com/auth0/auth0-cli/internal/display"
+	"github.com/lestrrat-go/jwx/jwt"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"gopkg.in/auth0.v5/management"
@@ -79,7 +80,23 @@ func (c *cli) isLoggedIn() bool {
 	// No need to check errors for initializing context.
 	_ = c.init()
 
-	return c.tenant != ""
+	if c.tenant == "" {
+		return false
+	}
+
+	// Parse the access token for the tenant.
+	t, err := jwt.ParseString(c.config.Tenants[c.tenant].AccessToken)
+	if err != nil {
+		return false
+	}
+
+	// Check if token is valid.
+	if err = jwt.Validate(t); err != nil {
+		return false
+	}
+
+	return true
+
 }
 
 // setup will try to initialize the config context, as well as figure out if