Then we store the jwt token data in local storage in encrypted format.
From domain code user can navigate to App Code 1 or App Code 2.
Jwt token data is shared among all apps cause there domain is common.
Problem arises when i try to renew user token data as coz of Business requirement id_token expires in 1 hours(Security Issues), and we have logic which must refresh data in every 1 hour of active user participation.
Please suggest a possible way to get a new token without refreshing the page.
The Refresh operation can be performed server-side, if you implement code like available in our documentation: Use Refresh Tokens
If you are looking for a full solution already built for this, Auth0 does not provide that - we provide you with the infrastructure and the tooling so that you can use it. This will, yes, require work on your application and server in order to implement. What I am recommending here is:
1.- Your application detects the kind of usage that you mention
2.- Your application makes a call to your server in order to refresh the token
3.- Your server refreshes the token and passes the new access token and refresh token to your application
4.- From that point on, your application consumes the new access token
Also, to provide clarity, just wanted to make sure you knew that Refresh Tokens should only be stored and exchanged in a secure environment. This means that this should be a server-side operation, rather than a client-side operation with a callback and a redirect. This would be considered insecure, as the browser is in the middle.
