I did some further experimentation, specifically:
- Set the lifetime value for RT to 1s (SPA dashboard)
- Set the lifetime value for AT to 1s (backend api dashboard)
Then indeed I see new calls to authorize (when RT expires) and to oauth/token (when AT expires).
@john.gateley could you confirm if I’m on the right track here?
Btw, if this is indeed correct then enabling token refresh is a more complex process than the docs describe:
1. add "useRefreshTokens": true to frontend config
2. enable RT in SPA (frontend) dashboard
3. enable offline_access in api (backend) dashboard
Docs only mention (1) above. @john.gateley am I getting this right?
(writing this out mostly for my future self and anyone else having the problem)