
Invalid Refresh Token


#1

I have cases where we get an Invalid Refresh Token response from Auth0. It’s an HTTP 403 response. Under what scenarios would this happen? I have 80% of my refresh tokens working fine, but some of them get this response. I’d like to be able to handle this better, but I can’t handle it if I don’t know why it’s happening.

Similar question here, still unanswered sufficiently:
https://community.auth0.com/t/what-causes-invalid-refresh-token-errors/


#2

An invalid refresh token can occur if:

One important detail is that when you revoke a token, for security reasons the grants associated with that token are deleted. This means that all other refresh tokens issued to the same combination of application, user and audience effectively become invalid. If you are revoking refresh tokens as part of your flow, this might explain it.
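The revocation behaviour described in the reply above, as an added example that is not part of the thread and not Auth0's code: a toy in-memory model in which refresh tokens hang off a grant keyed by application, user and audience, plus a client-side rule that treats the 403 as terminal for that token. The class and function names, the sample identifiers and the error body are constructed for illustration.

```python
import secrets


class GrantStore:
    """Toy model: refresh tokens belong to a grant keyed by
    (application, user, audience). Not Auth0's implementation."""

    def __init__(self):
        self._grants = {}  # (client_id, user_id, audience) -> set of tokens
        self._index = {}   # token -> grant key

    def issue(self, client_id, user_id, audience):
        key = (client_id, user_id, audience)
        token = secrets.token_urlsafe(16)
        self._grants.setdefault(key, set()).add(token)
        self._index[token] = key
        return token

    def revoke(self, token):
        # Revoking one token deletes the whole grant, so every sibling
        # token issued for the same combination stops working too.
        key = self._index.get(token)
        for sibling in self._grants.pop(key, set()):
            self._index.pop(sibling, None)

    def refresh(self, token):
        # Returns (http_status, body) the way a token endpoint would.
        if token not in self._index:
            return 403, {"error": "invalid refresh token"}  # constructed body
        return 200, {"access_token": secrets.token_urlsafe(16)}


def next_action(status):
    """Client-side decision (assumed policy): retrying a 403 cannot succeed."""
    if status == 200:
        return "continue"
    if status == 403:
        return "discard_token_and_reauthenticate"
    return "retry_later"


def demo():
    store = GrantStore()
    # Constructed sample values: two devices share one grant, a third
    # token targets a different audience and therefore a different grant.
    laptop = store.issue("app-1", "alice", "https://api.example.test")
    phone = store.issue("app-1", "alice", "https://api.example.test")
    billing = store.issue("app-1", "alice", "https://billing.example.test")
    store.revoke(laptop)
    return [next_action(store.refresh(t)[0]) for t in (laptop, phone, billing)]
```

In this model the phone's token fails even though only the laptop's token was revoked, while the token for the other audience keeps working.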

