Null refresh token

We are refreshing the token using /oauth/token every time our app resumes and this has worked during dev. We are about to release the app to prod however our testers have raised that upon continue resuming of the app the refresh token then stops working. Upon investigation we found out this is caused by a null refresh token being returned from the API.

I’m thinking we are not doing this right and then auth0 gets upset and decides to stop giving us a new token?

Thanks

Have you seen these older posts?

1 Like

Thanks for contributing to this thread Michael!

Hi Guys
I know it’s old, but if someone is coming here after googling it’s very simple.
In your Auth0 application settings tab → Refresh Token Rotation, set that on, so when you do a refreshtokenasync(oldrefreshtoken), this will return a new refreshtoken in the response.

If the setting is off you have to use the original refreshtoken as the parameter in refreshtokenasync(firstrefreshtokenreturned), that was returned during the login flow.

Also, if you are not getting any refereshtoken, make sure your API as offline_access turned on.

Hope it helps someone

1 Like