I’m trying to get a full offline experience when the user doesn’t have an Internet connection.
The issue is CredentialsManager.credentials() triggers an error when the access_token is expired.
I guess that’s the standard behavior but as there is no an internet connection I can’t access to the credentials anymore.
I’m using Auth0 to store the tokens.
How can I make it work?
Do I need to store the credentials on the app instead of relying on Auth0?
This is indeed expected behavior as even if the tokens are expired and CredentialsManager has a refresh token to use, it won’t be able to refresh the tokens against the authorization server (Auth0) without an internet connection.
The SDK can’t generate new valid tokens locally without contacting the server because the tokens are signed by the server using a secret key that only the server knows. This is a key aspect of how these tokens are secure, and it prevents tokens from being tampered with.
You would need to implement this outside of Auth0 in your app to achieve any sort of functionality with a expired tokens and no internet connection to renew them. The only workarounds I can really think of may be to allow some functionality to work offline taking advantage of cached data, secure local storage, etc. regardless of token validity. The other option I might recommend is using longer-lived tokens to begin with. This of course all needs to be weighed against the potential security implications.