Despite including the offline_access in scope, the token seems to expire overnight. I'm thinking it's because of inactivity of the app. This is an implementation within the native iOS app. Any help would be greatly appreciated.
That scope signals to the authorization server that a refresh token should be returned; keep in mind that the fact that the client application asks for a refresh token does NOT necessarily imply that one will be returned, as the authorization server's policies may prevent refresh tokens from being returned in that particular case.
In addition to that, obtaining a refresh token still implies that the client application needs to use that refresh token to obtain a new access token when the previous one expires. In other words, access tokens will continue to have an expiration.
Having said that, some SDKs may automatically try to renew an access token if a refresh token is available, which would mean these implementation details would be hidden from you. You did not mention any use of a particular SDK or include any sample code snippets, so it's hard to be more specific.
import Foundation
import Auth0

class Auth0SessionManager {
    static let shared = Auth0SessionManager()
    private let authentication = Auth0.authentication()
    let credentialsManager: CredentialsManager!
    var profile: UserInfo?
    var credentials: Credentials?
    var patchMode: Bool = false

    private init() {
        self.credentialsManager = CredentialsManager(authentication: Auth0.authentication())
        _ = self.authentication.logging(enabled: true) // API logging
    }

    func renewAuth(_ callback: @escaping (Error?) -> ()) {
        // Check it is possible to return credentials before asking for Touch
        guard self.credentialsManager.hasValid() else {
            return callback(CredentialsManagerError.noCredentials)
        }
        // Returns the stored credentials, renewing them with the refresh token if the access token has expired
        self.credentialsManager.credentials { error, credentials in
            guard error == nil, let credentials = credentials else {
                return callback(error)
            }
            self.credentials = credentials
            callback(nil)
        }
    }

    func logout() -> Bool {
        // Remove credentials from Keychain
        UserDefaults.standard.removeObject(forKey: GeneralAttributes.userDetails.rawValue)
        UserDefaults.standard.removeObject(forKey: GeneralAttributes.markedComplete.rawValue)
        self.credentials = nil
        return self.credentialsManager.clear()
    }

    func store(credentials: Credentials) -> Bool {
        self.credentials = credentials
        // Store credentials in Keychain
        return self.credentialsManager.store(credentials: credentials)
    }
}

func checkToken(callback: @escaping () -> Void) {
    Auth0SessionManager.shared.renewAuth { error in
        DispatchQueue.main.async {
            guard error == nil else {
                print("Failed to retrieve credentials: \(String(describing: error))")
                return callback()
            }
            // Credentials were renewed; let the caller continue with the fresh credentials
            callback()
        }
    }
}
I am refreshing the token using the checkToken function when the application is launched, and we also get a refreshed idToken from the Auth0 server. But it does not work when we call other APIs with this token; it gives "Unauthorised access detected".
We are trying to understand how we need to create our login flow for our iOS app. We are requesting users to log in in their browser.
@choksblah from your note it seems you're able to get a renewed token (at least you mention you can get a newer ID token), but that calling other APIs with that token fails. The ID token is mostly meant to be consumed directly by the client application (and not to call other APIs), so the error you see may be expected.
Can you clarify what the other APIs you mention are?
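The refresh-token behaviour described in the first reply and the access-token-versus-ID-token point in the last one, as an added example that is not code from this thread. It assumes the Auth0.swift 1.x CredentialsManager API used above; the apiAudience value is a hypothetical API identifier and must match the API registered in your Auth0 tenant.

```swift
import Foundation
import Auth0

// Hypothetical API identifier (assumption): the access token is minted for this audience.
let apiAudience = "https://api.example.com"

/// Interactive login. `offline_access` asks the authorization server for a refresh token;
/// `audience` asks for an access token that is valid for our API (without an audience the
/// access token is only usable against the /userinfo endpoint, not our own backend).
func login(manager: CredentialsManager, completion: @escaping (Bool) -> Void) {
    Auth0
        .webAuth()
        .scope("openid profile offline_access")
        .audience(apiAudience)
        .start { result in
            switch result {
            case .success(let credentials):
                // Persists the access, ID and refresh token in the Keychain.
                completion(manager.store(credentials: credentials))
            case .failure(let error):
                print("Login failed: \(error)")
                completion(false)
            }
        }
}

/// Builds an API request. CredentialsManager hands back the stored credentials while the
/// access token is still valid, otherwise it exchanges the refresh token for a new set.
/// Either way the bearer is the *access* token; the ID token is for the app itself only.
func authorizedRequest(url: URL, manager: CredentialsManager,
                       completion: @escaping (URLRequest?) -> Void) {
    guard manager.hasValid() else {
        // No valid access token and no refresh token to renew with: user must log in again.
        return completion(nil)
    }
    manager.credentials { error, credentials in
        guard error == nil, let accessToken = credentials?.accessToken else {
            // Renewal failed (refresh token revoked or expired): treat as logged out.
            return completion(nil)
        }
        var request = URLRequest(url: url)
        request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
        completion(request)
    }
}
```

If the backend still rejects the request, compare the token's `aud` claim against the API identifier the backend validates, since a token issued without that audience will never be accepted there.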