I’m trying to check if my token is expired using the method hasValidCredentials() provided by SecureCredentialsManager, but when the token actually expires, that method returns true as when it is valid. Basically, this method always returns true.
I’m using Auth0 SDK version 2.8.0 for Android, universal login with WebAuthProvider, allowing the refresh token with “openid profile email offline_access” in the scope.
Hey there @patricia.dev welcome to the community!
I believe the behavior you are experiencing here is expected due to the inclusion of the offline_access scope - You’re receiving a refresh token as well as access/id tokens and these are being automatically renewed by the SecureCredentialsManager class, this is noted in the Basic Credentials Manager docs here.
Hope this helps!
Hey, thank you for the welcome!
Yes, I’m receiving a token and a refresh token due to offline_access and I’m controlling the expiration time of each in my tenant; in fact, the refresh token and the token expire at the same time. In addition, I know when my tokens are expired because I receive a specific error from my PHP API.
So, before refreshing my token by the SecureCredentialsManager, I receive an error from my PHP API which checks if the token I’m sending is valid, and then I check if that error is true.
The flow I’m following is this:
- Connect to any endpoint in my PHP API implementing Auth0 (with an expired token)
- PHP API sends me an error
- SecureCredentialsManager.hasValidCredentials() (checks whether my token is expired)
- SecureCredentialsManager.getCredentials() (renew token)
Then, I believe the function hasValidCredentials should give me a false value, correct me if I’m wrong.
Thank you!
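
An added example, not part of the thread and not the Auth0 SDK's source: a simplified Kotlin model of the behavior the reply describes, where stored credentials count as valid while a refresh token is available to renew them. `StoredCredentials`, `hasValidCredentialsModel` and `accessTokenIsLive` are hypothetical names, and the timestamps and token strings are constructed sample values.

```kotlin
// Simplified model (assumption), not the Auth0 SDK implementation.
data class StoredCredentials(
    val accessTokenExpiresAtMs: Long, // expiry of the access token, epoch millis
    val refreshToken: String?         // null when offline_access was not granted
)

// Models the reply's explanation: credentials are "valid" when the access token
// is still live OR a refresh token is stored that could be used to renew it.
fun hasValidCredentialsModel(c: StoredCredentials?, nowMs: Long): Boolean {
    if (c == null) return false
    val accessExpired = nowMs >= c.accessTokenExpiresAtMs
    val canRefresh = !c.refreshToken.isNullOrEmpty()
    return !accessExpired || canRefresh
}

// The stricter question asked in the thread: is the access token itself unexpired?
fun accessTokenIsLive(c: StoredCredentials?, nowMs: Long): Boolean =
    c != null && nowMs < c.accessTokenExpiresAtMs

fun main() {
    val now = 1_700_000_000_000L // constructed "current time"
    val cases = listOf(
        "live access token + refresh token" to StoredCredentials(now + 60_000, "rt-sample"),
        "expired access token + refresh token" to StoredCredentials(now - 60_000, "rt-sample"),
        "expired access token, no refresh token" to StoredCredentials(now - 60_000, null)
    )
    for ((label, creds) in cases) {
        val valid = hasValidCredentialsModel(creds, now)
        val live = accessTokenIsLive(creds, now)
        println("$label: hasValidCredentials=$valid accessTokenLive=$live")
    }
}
```

The second case is the one from the thread: the model reports true because a refresh token is stored, and a purely local check like this cannot tell whether the server would still accept that refresh token.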