Can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

kazlauskis · October 1, 2020, 7:31pm

It works well when using rotating refresh tokens but the problem is that the user would potentially have to re-login every 90 days (max expiry for rotating tokens).

Implementing Authorization Code Flow (PKCE) in a Cordova app sets ‘origin’ header in the requests and Auth0 then doesn’t include the refresh token. Omitting the origin header would work and if this was a native app then I think this would work.

Resource Owner Password flow would work too but this approach isn’t recommended.

So my question is can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

Thanks!

mohammadz · November 20, 2020, 6:50pm

I’m having the same issue using Ionic. I have my native app as OIDC conformant (I made this app in 2020 not 2017 so it’s not legacy) and have the advanced setting with the grant of refresh token enabled. For the scope in the app itself I use scope: 'openid profile offline_access' this includes the offline_access scope.I double checked the docs and this is related to getting the refresh token for the app. I have no rules or anything like setup so I don’t know why it’s not returning the refresh token.

mohammadz · November 20, 2020, 6:55pm

Looks like this Refresh tokens · Issue #120 · auth0/auth0-cordova · GitHub
answers my problem.

Topic		Replies	Views
Using PKCE with auth0-cordova and ionic 5 for refresh tokens Help auth0 , login , refresh-tokens , pkce	0	3068	November 23, 2020
Refresh token within Ionic App Help auth0js , renewauth , ionic2	4	5622	March 2, 2018
Ionic 3.9.2 Access Tokens via auth0/cordova Help cordova , ionic , access-token , ionic2	2	4072	December 14, 2018
Cannot get refresh token from Authorization Code Flow with PKCE Help refresh-token , refresh-tokens	5	4183	February 25, 2021
Refresh Token missing on authorize Help	9	5084	May 8, 2020

Can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

Related Topics