Found this question which asks about exactly the same problem:
- user logs in (frontend application gets an `access_token`);
- user updates its profile, frontend sends information to the backend, backend calls the Management API;
- user’s `access_token` is now out of date on the frontend;
- we want it to be up to date;

- read this tutorial - mentions that `refresh_token` exists but doesn’t show how to implement them.
- read this tutorial - it says that SPA applications should use the **Authorization Code Flow with Proof Key for Code Exchange (PKCE)** along with Refresh Token Rotation
- read this and configured the refresh token rotation in my application;
- read this to understand and implement Authorization Code Flow with PKCE - and this content led me to look for tutorials for SPA applications;
- read this and this is where it really frustrated me. There is no example of how to do the refresh token rotation along with the Authorization Code Flow with PKCE in these quickstarts.

Watched the videos in Auth0’s YouTube channel and re-read the Next.js tutorial a few times.

Can someone please tell me: in a Next.js application, how do I refresh my user’s `access_token` to reflect the latest information on his profile without asking him to log in again?