Android Auth0, Credentials.expiresAt different than Id Token's expiry date

RoudyK · January 14, 2019, 3:30am

Here’s my use case

I use auth0’s lock with this scope: update:users openid read:users update:users_app_metadata core-user:test profile email offline_access
I get back a refresh token and a Credentials object
The credential’s object’s expiresAt is different than the Id token’s expiry
The credential’s expiresAt is a day while the id token expiry is what i set in the dashboard.
In auth0’s source code, i found this:
if (credentials.getExpiresAt().getTime() > getCurrentTimeInMillis()) {
And if that is true, it will not call renewAuth
So even if the JWT has expired, the credentials SecureCredentialsManager still says it hasn’t and now I’m forced to use an expired JWT
Do i have to call renew myself? When do i have to call it?
I would’ve preferred that the getCredentials did it itself and not force me to add more renew session login in the app.

jerdog · January 21, 2019, 3:19pm

Can you provide sample code (without sensitive details) around what you’re trying to perform?

Topic		Replies	Views
payload.getExpiresAt() returns incorrect Date object JWT.io jwt , auth0	6	5154	September 5, 2019
Android - How to renew id token with refresh token? Help android , id_token , oidc-conformant , refresh-tokens	6	9104	August 20, 2019
Id token expires_in different from JWT exp Help	6	5946	September 3, 2019
Token expiry stuck at 7200 seconds Help id_token , access_token , expire	7	8701	September 17, 2018
Why are there different expiration periods for access tokens vs. id tokens? JWT.io access-token , id-token	2	7447	August 28, 2019