Is it possible to get a refresh token post authentication?

I am trying to figure out a way to only have 1 refresh token per user as opposed to just getting one every time the individual logs in. This means I need to either check if I have a non-blacklisted refresh token just before authentication and alter the scope, or just after I have authenticated. Ideally, I would want to do this after the authentication process so I don’t need to check the database on every failed login attempt. Is there a way to get a refresh token post authentication?

The only way to get a refresh token would be to issue a new authorize request with the offline_access scope. But if the user has a session and has previously given consent to the application for offline access, then the user might not see any interactive prompts.

1 Like
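The flow discussed above, as an added example that is not part of the original posts or of any vendor's SDK: after a login has already succeeded, look up the user's stored refresh tokens and build a follow-up authorize request with the `offline_access` scope only when none is still usable. The endpoint, client ID, redirect URI, token-store layout and function names are assumptions made for illustration; the request uses the standard authorization code parameters with PKCE.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Hypothetical values: replace with your authorization server and client.
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"

# Constructed sample store: user id -> refresh token records.
SAMPLE_STORE = {
    "alice": [{"id": "rt-1", "blacklisted": True}],
    "bob": [{"id": "rt-2", "blacklisted": False}],
}


def has_active_refresh_token(store, user_id):
    """True if the user already holds a refresh token that is not blacklisted."""
    return any(not t["blacklisted"] for t in store.get(user_id, []))


def offline_access_request(store, user_id):
    """Call only after authentication succeeded, so failed logins never
    touch the token store. Returns (url, state, code_verifier) for a second
    authorize request, or None when the user already has a usable token."""
    if has_active_refresh_token(store, user_id):
        return None
    state = secrets.token_urlsafe(16)      # CSRF binding, checked on callback
    verifier = secrets.token_urlsafe(48)   # PKCE code_verifier (64 chars)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid offline_access",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state, verifier


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, offline_access_request(SAMPLE_STORE, user))
```

Keep the returned `state` and `code_verifier` in the user's server-side session so the callback can verify the former and send the latter in the token exchange.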
