Android Auth0, Credentials.expiresAt different than Id Token's expiry date

Here’s my use case

  • I use auth0’s lock with this scope: update:users openid read:users update:users_app_metadata core-user:test profile email offline_access
  • I get back a refresh token and a Credentials object
  • The credential’s object’s expiresAt is different than the Id token’s expiry
  • The credential’s expiresAt is a day while the id token expiry is what i set in the dashboard.
  • In auth0’s source code, i found this:
    if (credentials.getExpiresAt().getTime() > getCurrentTimeInMillis()) {
  • And if that is true, it will not call renewAuth
  • So even if the JWT has expired, the credentials SecureCredentialsManager still says it hasn’t and now I’m forced to use an expired JWT
  • Do i have to call renew myself? When do i have to call it?
  • I would’ve preferred that the getCredentials did it itself and not force me to add more renew session login in the app.

Can you provide sample code (without sensitive details) around what you’re trying to perform?