Expired Refresh Tokens in mobile apps

Please include the following information in your post:

  • Which SDK this is regarding: Auth0.Android
  • SDK Version: 2.8.0

How should mobile apps check if a refresh token has expired? Is it managed by the auth0 sdk?
Any answer would be appreciated.

Hey there @Izil welcome to the community!

This is managed by the SDK CredentialsManager - You can adjust the lifetime at the app level and we highly recommend using refresh token rotation. Basically, if a refresh token is not present (revoked) or expired, the SDK would just require the user to login again.

Some further reading :books:

Hope this helps!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.