Can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

kazlauskis · October 1, 2020, 7:31pm

It works well when using rotating refresh tokens but the problem is that the user would potentially have to re-login every 90 days (max expiry for rotating tokens).

Implementing Authorization Code Flow (PKCE) in a Cordova app sets ‘origin’ header in the requests and Auth0 then doesn’t include the refresh token. Omitting the origin header would work and if this was a native app then I think this would work.

Resource Owner Password flow would work too but this approach isn’t recommended.

So my question is can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

Thanks!

mohammadz · November 20, 2020, 6:50pm

I’m having the same issue using Ionic. I have my native app as OIDC conformant (I made this app in 2020 not 2017 so it’s not legacy) and have the advanced setting with the grant of refresh token enabled. For the scope in the app itself I use scope: 'openid profile offline_access' this includes the offline_access scope.I double checked the docs and this is related to getting the refresh token for the app. I have no rules or anything like setup so I don’t know why it’s not returning the refresh token.

mohammadz · November 20, 2020, 6:55pm

Looks like this Refresh tokens · Issue #120 · auth0/auth0-cordova · GitHub
answers my problem.

Topic		Replies	Views
Not getting a refresh token from Auth0.authorize() - PKCE Help	3	5359	September 25, 2019
Using PKCE with auth0-cordova and ionic 5 for refresh tokens Help auth0 , login , refresh-tokens , pkce	0	3069	November 23, 2020
Refresh token within Ionic App Help auth0js , renewauth , ionic2	4	5625	March 2, 2018
Renew passwordless idToken in cordova app Help	7	3915	January 22, 2019
Auth0 Cordova - Refresh Tokens Help cordova , refresh-tokens	3	4629	March 2, 2018

Can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

Related Topics