Migrating From v6 to v7

msdiego2k · June 23, 2020, 7:15am

Hi,
our App uses a refresh token which is valid for multiple years. After updating to v7 the refresh token is invalid; exception:
ID token is required but missing. System.Exception Auth0.AuthenticationApi.Tokens.IdTokenValidationException

For us it’s not an option to logout the user and trigger a re-login.

I have tried multiple things to get the refresh token from v6 working in v7, but it didn’t work.
So my question is: How would an upgrade strategy for the refresh token look like?

Current v6 Code:

public async Task<AccessToken> GetAccessTokenAsync(string refreshtoken)
{
    var accessToken = new AccessToken();
    try
    {
        var client = CreateAuthClient();
        var token = await client.GetTokenAsync(new RefreshTokenRequest()
        {
            Audience = _options.CustomerApp.Audience,
            ClientId = _options.CustomerApp.ClientId,
            ClientSecret = _options.CustomerApp.ClientSecret,
            RefreshToken = refreshtoken,
        });
        accessToken.Token = token.AccessToken;
        accessToken.ExpiryDate = DateTime.Now.AddSeconds(token.ExpiresIn - 60);
        return accessToken;
    }
    catch (ApiException ex)
    {
        if (ex.ApiError.Error == "invalid_grant")
        {
            return accessToken;
        }
        throw;
    }
}

public async Task<AccessTokenResponse> AuthCustomerAsync(string phone, string code, CancellationToken cancelationToken)
{
var client = CreateAuthClient();

var token = await client.GetTokenAsync(new ResourceOwnerTokenRequest
{
    Username = GenerateEmail(phone),
    Password = GeneratePassword(code),
    ClientId = _options.CustomerApp.ClientId,
    ClientSecret = _options.CustomerApp.ClientSecret,
    Audience = _options.CustomerApp.Audience,
    Scope = "offline_access",
}).ConfigureAwait(false);

return token;

}

konrad.sopala · June 23, 2020, 10:14am

Having a refresh token valid for a couple of years is definitely not a secure option. Can you tell me more about what part of our stack you use? Any docs , quickstarts? Thanks!

msdiego2k · June 23, 2020, 10:57am

In the .Net 3.1 backend application we are using these nuget packages:
Auth0.AuthenticationApi, Auth0.ManagementApi
Does that help you?
Regarding security we had to make some compromises to meet our usability goals …

Furthermore, I have tried a couple of things to generate a refresh token with v6 which is also valid in v7, but I had no luck. Is this possible?

konrad.sopala · June 23, 2020, 11:11am

I don’t have that much of .NET experience so let me discuss it with my colleagues. I’ll get back to you soon!

msdiego2k · June 29, 2020, 11:45am

Something new about that? Thanks!

msdiego2k · July 6, 2020, 2:46pm

Okay I guess it’s not possible to use my v6 refresh tokens in v7 and in general it’s also not possible to generate refresh tokens in v6 which are valid in v7.

system · September 11, 2020, 11:49am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Refresh token not generating id_token Get Help token , id_token , refresh-tokens , access-token	2	3721	March 2, 2018
Auth0.AuthenticationApi .NET - Using AuthenticationApiClient to refresh token Get Help .net , refresh-tokens , authenticationapi	5	6878	March 2, 2018
How to generate New Token from refresh Token? Get Help auth0 , android	2	3486	August 29, 2019
Do refresh tokens from legacy /ro endpoint work with new /token endpoint? Get Help legacy , refresh-tokens , react-native	4	4548	March 2, 2018
Refresh-tokens should be handled more gracefully Get Help refresh-tokens	4	5215	June 14, 2019

Migrating From v6 to v7

Related topics