We have recently implemented Google refresh tokens as part of our login request. I was unaware of the 200 refresh token limit and we were not storing the refresh tokens on our side prior to some of our users reaching that limit. For the users that have reached that limit, no refresh token is being returned on the /users/{userId} api request.
Any advice on how we can get one of the access tokens for those users? do we need to reset the auth0 user?
From our docs it sounds like a new token should replace an old one if you hit the limit. Are you not seeing this behavior? Could you also please give an example of the request you are using to retrieve the token (omit sensitive data).
Once that limit is reached and I see the token cleanup in my tenant logs for those users, the refresh token property is not returned in the identities array.
Prior to the refresh token limit being hit, the refresh token value is included in that response as part of the identities array along with the access token.
The same request I make prior to the limit being hit does not return a refresh token once the limit is reached and the cleanup happens. The property is not in the user response where I get it prior to the limit being reached.