Clarification about refreshing access token

stefan.boitschuk · March 26, 2025, 11:16am

Hi,
i use react-native-auth0 in my react native expo app and have refresh token rotation enabled. Once the access token is expired I call the getCredentials() hook to request a new token pair. The way i currently understand it is, the maximum refresh token lifetime is not reset after a new token pair is issued.

I did a test with:
Access Token life time: 5 seconds
Maximum refresh token life time: 10 seconds
Login → 6 seconds wait → getCredentials() call: new token pair is issued → 6 seconds wait → getCredentials() call: the refresh fails → new login is required

Is this the way it should work or have I overlooked something here?

rueben.tiow · March 26, 2025, 5:51pm

Hi @stefan.boitschuk,

Welcome to the Auth0 Community!

Yes, this is correct! The maximum token lifetime of a refresh token does not extend when tokens are rotated.

I recommend taking a look at our Configure Refresh Token Rotation which mentions this.

Let me know if you have any other questions.

Thanks,
Rueben

stefan.boitschuk · March 27, 2025, 3:49pm

HI @rueben.tiow,

thanks for the quick replay and clarification.

many thanks

system · April 10, 2025, 3:49pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ReactNative - getCredentials returns undefined when a token is expired Get Help login-experience , new-universal-login-experience	2	957	January 19, 2024
Refresh token doesn't triggered automatically Get Help login-experience , new-universal-login-experience	1	979	September 14, 2023
Rotating refresh token locking users out after expiry Get Help	5	6592	November 25, 2020
Clarifying Refresh Token Rotation in Auth0 Knowledge Articles refresh-tokens , refresh-token-rotate	1	270	September 12, 2024
Refresh token expiry cases Get Help refresh-tokens , refresh-token-rotate	3	3597	November 25, 2021

Clarification about refreshing access token

Related topics