Migrating From v6 to v7

Hi,
our App uses a refresh token which is valid for multiple years. After updating to v7 the refresh token is invalid; exception:
ID token is required but missing. System.Exception Auth0.AuthenticationApi.Tokens.IdTokenValidationException

For us it’s not an option to log out the user and trigger a re-login.

I have tried multiple things to get the refresh token from v6 working in v7, but it didn’t work.
So my question is: What would an upgrade strategy for the refresh token look like?

Current v6 Code:

public async Task<AccessToken> GetAccessTokenAsync(string refreshtoken)
{
    var accessToken = new AccessToken();
    try
    {
        var client = CreateAuthClient();
        var token = await client.GetTokenAsync(new RefreshTokenRequest()
        {
            Audience = _options.CustomerApp.Audience,
            ClientId = _options.CustomerApp.ClientId,
            ClientSecret = _options.CustomerApp.ClientSecret,
            RefreshToken = refreshtoken,
        });
        accessToken.Token = token.AccessToken;
        accessToken.ExpiryDate = DateTime.Now.AddSeconds(token.ExpiresIn - 60);
        return accessToken;
    }
    catch (ApiException ex)
    {
        if (ex.ApiError.Error == "invalid_grant")
        {
            return accessToken;
        }
        throw;
    }
}

public async Task<AccessTokenResponse> AuthCustomerAsync(string phone, string code, CancellationToken cancelationToken)
{
    var client = CreateAuthClient();

    var token = await client.GetTokenAsync(new ResourceOwnerTokenRequest
    {
        Username = GenerateEmail(phone),
        Password = GeneratePassword(code),
        ClientId = _options.CustomerApp.ClientId,
        ClientSecret = _options.CustomerApp.ClientSecret,
        Audience = _options.CustomerApp.Audience,
        Scope = "offline_access",
    }).ConfigureAwait(false);

    return token;
}

Having a refresh token valid for a couple of years is definitely not a secure option. Can you tell me more about what part of our stack you use? Any docs, quickstarts? Thanks!

In the .NET 3.1 backend application we are using these NuGet packages:
Auth0.AuthenticationApi, Auth0.ManagementApi
Does that help you?
Regarding security we had to make some compromises to meet our usability goals …

Furthermore, I have tried a couple of things to generate a refresh token with v6 which is also valid in v7, but I had no luck. Is this possible?

I don’t have that much .NET experience so let me discuss it with my colleagues. I’ll get back to you soon!

Anything new about that? Thanks!

Okay, I guess it’s not possible to use my v6 refresh tokens in v7 and in general it’s also not possible to generate refresh tokens in v6 which are valid in v7.