Access token from /oauth/token becomes invalid when trying to reuse it for /userinfo even without revoking it
Hey there @dev40!
Access Tokens for /userinfo do typically have a lifetime of 24 hours as outlined here - Perhaps they are expiring?
Hi @tyf thanks, even without the 24-hour lifetime, the access token we get from /oauth/token can't be reused. It seems like it becomes invalid when the user closes the browser and ends the session. We are trying to refresh the connection using the access token or refresh token from the last login without trying to ask the user to re-login. We are looking for the correct token to use.
@tyf any updates for this concern? One of our scenarios is generating a token via API in our local using IIS express and VS. When we stop the session and start another one, the token becomes invalid.
@tyf any updates for this concern?
Hi there @dev40 sorry for the delayed response!
I’m not really sure what could be going on here as the access token is self-contained and is valid until it is not (expired).
It depends on your environment and/or Auth0 SDK you are using - Most implementations rely on silent authentication wherein the SDK/code checks for an Auth0 session, and if there is one, access/ID tokens are returned without ever prompting the user to log in. Some more on silent authentication and SSO in an OIDC context below:
Hope this helps!
@tyf what is the best way to handle if the token from Authorization Code became invalid?
Are you able to elaborate on this a bit? Are you referring to a similar scenario as above where the access and/or ID token received during an Authorization Code flow is invalid? Or the authorization code itself being invalid?
If you can share a specific error and/or perhaps even screenshots, that could be helpful!
@tyf I already saw the issue and it’s about SSL/TLS secure channel. I just added something for this