How do refresh tokens work in Auth0 with Angular 12 using auth0/auth0-angular?

Hi,
I’m trying to use a refreshed token for calling the backend API when the existing token expires, with Auth0 in an Angular 12 SPA, but I’m not finding any proper explanation in any documentation.

I’ve tried calling the getTokenSilently() method, which results in a token, but I’m not sure whether that is the correct one, as I’m still receiving a 401!
I am completely lost with it. Should I call getIdTokenClaims again, or do I have to use the token returned by getTokenSilently()?
Or do I have to use the token returned by getTokenSilently() to get the access token?

Here is my configuration of auth0 as per the documentation of Refresh Token.

AuthModule.forRoot({
  domain: environment.auth0_client_domain,
  clientId: environment.auth0_client_id,
  audience: `${environment.audience}`,
  useRefreshTokens: true,
  httpInterceptor: {
    allowedList: [`${environment.serverUrl}/*`],
  },
}),

Here also, I’ve modified all the settings in the Auth0 dashboard as per the documentation.


Additionally, I’ve set ID Token Expiration to 60 sec, but I’m still able to use that token for longer, so is there anything missing?

Regards,
Purvi.

Any update on this thread?

Having the same issue. Any updates or documentation on how refresh tokens work for Angular?

Hey there @emrose11 welcome to the community!

There are 3 things you need to do to enable your Angular app to use refresh tokens:

  • Be sure the registered API for which you are passing the identifier as the audience param has “Allow Offline Access” enabled in the API’s settings in your dashboard. In the sample application you set the audience param in auth_config.json.

  • Turn on refresh token rotation for the relevant SPA application in your dashboard.

  • Set useRefreshTokens: true in your AuthConfig. Here’s a working example app. If you’d like to test, go to /sample-01 and follow the steps to get it up and running in your environment.

For testing purposes I recommend setting a short lived access token lifetime in your API settings. With the app up and running, log in, wait until the access token has expired (60 seconds for example), navigate to the “external api” page, and click “ping api”. Assuming your access token has expired, this will kick off a refresh token exchange using the stored refresh token. You can verify this is all successful by navigating to monitoring → logs and looking for a successful refresh token exchange.

1 Like
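
For the 401 and the "which token do I send?" confusion in this thread, an added example (not code from any poster or from Auth0's sample app): it decodes a token's claims and reports why an API expecting a given audience would reject it. An access token for a registered API carries that API's identifier in `aud`, while an ID token's `aud` is the application's client ID. The function names, audience, client ID and tokens below are hypothetical, constructed values.

```javascript
// Added example (not from the thread): debugging aid only. Decoding does not
// verify the signature; the API must still validate the token itself.
function decodeJwtClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected 3 dot-separated parts');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Returns the reasons an API expecting `apiAudience` would reject this token.
function triageToken(token, { apiAudience, clientId, nowSec }) {
  const claims = decodeJwtClaims(token);
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  const findings = [];
  if (!aud.includes(apiAudience)) {
    findings.push(aud.includes(clientId) ? 'id-token-sent-as-access-token' : 'wrong-audience');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) findings.push('expired');
  return findings;
}

// Constructed, unsigned sample tokens (hypothetical values, for offline runs).
function makeSampleToken(claims) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const ctx = {
  apiAudience: 'https://api.example.test', // hypothetical API identifier
  clientId: 'constructed-client-id',       // hypothetical SPA client ID
  nowSec: 1700000000,                      // fixed clock for a repeatable run
};
const samples = {
  idToken: makeSampleToken({ aud: ctx.clientId, exp: ctx.nowSec + 60 }),
  staleAccessToken: makeSampleToken({ aud: [ctx.apiAudience], exp: ctx.nowSec - 5 }),
  freshAccessToken: makeSampleToken({
    aud: [ctx.apiAudience, 'https://tenant.example.test/userinfo'],
    exp: ctx.nowSec + 60,
  }),
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, triageToken(token, ctx));
}
```

In a running app, pass the token string the SDK returned and `Math.floor(Date.now() / 1000)` as `nowSec`; an empty result means audience and expiry are not the cause of the 401.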
