Found this question which asks about exactly the same problem:
- user logs in (frontend application gets an
- user updates its profile, frontend sends information to the backend, backend calls the
`access_token` is now out of date on the frontend;
- we want it to be up to date;
read this tutorial - mentions that `refresh_token` exists but doesn’t show how to implement them.
read this tutorial - it says that SPA applications should use the **Authorization Code Flow with Proof Key for Code Exchange (PKCE)** along with Refresh Token Rotation;
read this and configured the refresh token rotation in my application;
read this to understand and implement Authorization Code Flow with PKCE - and this content led me to look for tutorials for SPA applications;
read this and this is where it really frustrated me. There is no example of how to do the refresh token rotation along with the Authorization Code Flow with PKCE in these quickstarts.
Watched the videos in Auth0’s YouTube channel and re-read the Next.js tutorial a few times.
Can someone please tell me: in a Next.js application, how do I refresh my user’s `access_token` to reflect the latest information on his profile without asking him to log in again?
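
The refresh step the post asks about, sketched as an added example that is not part of the original post and not Auth0 SDK code: a generic OAuth 2.0 `refresh_token` grant (RFC 6749, section 6) that handles rotation by replacing the stored refresh token with the one returned. `TOKEN_URL`, `CLIENT_ID`, the `session` object and the in-memory fake server are assumptions made for illustration; the code is meant to run server-side (for example in an API route), so the refresh token never reaches browser JavaScript.

```javascript
// Generic OAuth 2.0 refresh_token grant (RFC 6749, section 6) with rotation.
// TOKEN_URL and CLIENT_ID are placeholders; `session` is a hypothetical
// server-side store, never something exposed to browser JavaScript.
const TOKEN_URL = "https://auth.example.invalid/oauth/token";
const CLIENT_ID = "example-client-id";

// Exchange the stored refresh token for a new token set.
// `post(url, body)` is an injected transport returning { status, json }.
async function refreshSession(session, post, now = Date.now()) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: CLIENT_ID,
    refresh_token: session.refreshToken,
  });
  const { status, json } = await post(TOKEN_URL, body);
  if (status !== 200) {
    // invalid_grant: expired, revoked, or already rotated. Drop the token
    // so the caller falls back to a full login instead of retrying it.
    if (json.error === "invalid_grant") session.refreshToken = null;
    throw new Error(json.error || "token_refresh_failed");
  }
  session.accessToken = json.access_token;
  session.expiresAt = now + json.expires_in * 1000;
  // Rotation: the token just sent is spent; keep only the replacement.
  if (json.refresh_token) session.refreshToken = json.refresh_token;
  return session;
}

// Real transport: fetch sends URLSearchParams as a form-encoded body.
const fetchPost = async (url, body) => {
  const res = await fetch(url, { method: "POST", body });
  return { status: res.status, json: await res.json() };
};

// Constructed stand-in for an authorization server that rotates refresh
// tokens: each successful grant invalidates the token that was presented.
function makeFakeServer(initialToken) {
  let valid = initialToken;
  let n = 0;
  return async (_url, body) => {
    if (body.get("grant_type") !== "refresh_token" ||
        body.get("refresh_token") !== valid) {
      return { status: 400, json: { error: "invalid_grant" } };
    }
    n += 1;
    valid = `rt-${n}`;
    return { status: 200,
             json: { access_token: `at-${n}`, refresh_token: valid, expires_in: 3600 } };
  };
}
```

Calling `refreshSession` right after the backend updates the profile, rather than waiting for expiry, is what yields newly issued tokens without a new login; pass `fetchPost` as the transport against a real token endpoint.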