I followed the React starting guide and successfully implemented session cookie based authentication in our react frontend. Now I’d like to switch to using rotating refresh tokens but am facing problems to do so. I read this blog post and followed this implementation.
getAccessTokenSilently with the audience parameter set to get an access token for further requests to my backend API. The react application falls back to session based authentication and does not use the refresh token to get a new access token.
I’m wondering whether I misunderstood some basic concept. Should one use rotating refresh tokens in a setup with a SPA frontend and some backend APIs?
If yes, I’d be really happy if someone could explain to me how to implement rotating refresh tokens with audience parameter in React?
Thanks for you support