Hey folks! 
Back with another installment of monthly quick tips on trending search terms in the community. Here are a handful from the past month:
Refresh Tokens
- In short, refresh tokens in Auth0 are long-lived tokens used to renew access tokens without needing the user to log in again, ensuring continuous access while enhancing security. Refresh tokens enhance silent authentication by providing a more secure and reliable method for renewing access tokens compared to traditional silent authentication methods that don’t use refresh tokens. Traditionally, silent authentication involves using an iframe to renew tokens, which can be limited by browser security policies like third-party cookie restrictions. Refresh tokens, on the other hand, avoid these limitations and offer a direct, backend process for token renewal, ensuring consistent access even in increasingly stringent browser environments.
- Related: Refresh token rotation.
Logout
Logout pertains to terminating user sessions at multiple layers. It involves ending the local application session, the Auth0 session, and potentially federated identity provider sessions. This ensures the user is fully logged out and cannot access secured resources without re-authenticating, providing a comprehensive approach to session management and security.
Too many redirects Safari
-
Review redirect URLs: Ensure that the redirect URLs specified in Auth0 and your application are correct and do not create a loop.
-
Verify your Auth0 application settings, especially the allowed callback URLs, logout URLs, and allowed origins.
-
Review the following FAQ:
Passkeys
- Auth0 incorporates passkeys as a modern alternative to conventional passwords, utilizing public-key cryptography for enhanced security. This approach streamlines the authentication process, offering a user-friendly experience while significantly reducing the vulnerabilities associated with traditional password-based systems.