Persistent access tokens

I want to accomplish the following user experience for accessing our API via a Python library.

  1. A user logs in to their user profile at our website login.domain.tld using the Auth0 Login flow.

  2. In the user profile an access token is presented, which can be copied or regenerated.

  3. The user copies the token and pastes it into the Python code to make requests to our API.

The access token:

  • contains a custom role claim

  • contains a date of issuance iat and expiration exp

  • is renewed every time the user logs in at the above domain (the user profile)

  • can be used until it expires

The problem is that the maximum lifetime of an access token is 30 days, which is a bit short for Python CLI tools that access our API regularly and over long periods of time.

I have tried m2m tokens, but they seem to just be access tokens as well. Device authentication for Python CLI scripts works, but only gives me an ID token without the role claim.

How can I solve the problem of renewing access tokens (or not letting them expire) without requiring the user to log in again to regenerate a new token?

@MichaelJ

Welcome to the Community

I believe what you are looking for is our docs on Auth0 support for Refresh Tokens.

Hope that helps

2 Likes
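As an added illustration of the refresh-token approach suggested in the reply above (not code from the thread or from Auth0), this sketch shows how a Python CLI could renew an expiring access token without user interaction. The tenant domain, client ID, cache path and function names are placeholders; it assumes the access token is a JWT and that a refresh token was issued at login (Auth0 issues one when the `offline_access` scope is requested).

```python
import base64, json, os, time
from urllib import parse, request

# Placeholders (assumptions, not values from the thread).
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
CACHE = os.path.expanduser("~/.myapi_tokens.json")

def jwt_exp(token):
    """Read exp from the JWT payload WITHOUT verifying the signature.
    Only used client-side to decide when to refresh; the API still verifies."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

def post_form(url, fields):
    """POST form-encoded fields and return the parsed JSON reply."""
    req = request.Request(url, data=parse.urlencode(fields).encode())
    with request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def save_tokens(tokens, path=CACHE):
    """Persist tokens; a newly created file gets owner-only permissions (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(tokens, f)

def get_access_token(tokens, now=None, post=post_form, save=save_tokens, skew=60):
    """Return a usable access token, refreshing it if it expires within `skew` seconds."""
    now = time.time() if now is None else now
    if jwt_exp(tokens["access_token"]) - skew > now:
        return tokens["access_token"]  # still valid, no network call
    reply = post(f"https://{AUTH0_DOMAIN}/oauth/token", {
        "grant_type": "refresh_token",
        "client_id": CLIENT_ID,
        "refresh_token": tokens["refresh_token"],
    })
    tokens["access_token"] = reply["access_token"]
    # With refresh token rotation enabled, the reply carries a new refresh token
    # and the old one stops working, so it must be stored before the next run.
    tokens["refresh_token"] = reply.get("refresh_token", tokens["refresh_token"])
    save(tokens)
    return tokens["access_token"]
```

The refresh token is the long-lived secret here, so it should be stored with the same care as a password and revoked when a device is lost.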

I think what you described is called a PAT (personal access token), similar to what GitHub has. Not sure if Auth0 has this kind of token…

1 Like

In regards to PAT, this might be useful:

Cheers!

2 Likes
