Auth0 Home Blog Docs

Do I need to store IDP access_token + refresh_token on my own, or I can use Auth0?

access_token
tokens
refresh_token
idp

#1

After I successfully authenticate on an external IDP, I can use the Management API to retrieve the IDP access_token and refresh_token.
Using the IDP access_token I’ll be able to call the services provided by the IDP.
And using the IDP /refresh endpoint I’ll be able to obtain a new access_token + new refresh_token.
But, at this point, I’ll be forced to store the new tokens on my own database?
Or is there a way to update the old tokens values contained in Auth0 identities[0] with the new values I got from the IDP?


#2

To my knowledge, those properties are only settable at authentication time when the authentication flow is processed through Auth0 so if the underlying identity provider issues a new refresh token you should store it in your own data store.


#3