Setting new access-Token after getting it from /oauth/token endpoint with refresh token

IgorAdm · March 27, 2023, 1:04pm

Hey,

we are trying to integrate refresh tokens in our application.

As the token lifetime is to short for us and we cannot financially upgrade to enterprise plan as a startup, we are trying to use the refresh token to keep the user logged in.

We have a custom wrapper in which when the user is not authenticated we do the following:

→ Get the refresh token out of the local storage. (LS key is: ´@@auth0spajs@@::${process.env.AUTH0_CLIENT_ID}::https://${process.env.AUTH0_DOMAIN}/api/v2/::openid profile email offline_access` )
→ Call “/oauth/token” endpoint with grant_type “refresh_token” and the refresh_token from the local storage
→ We get a new access token from the call and with this we replace the current auth0 data in local storage with the new data

But the user is, after redirecting him to the main page, still not authenticated.

Why is auth0 not taking the data from the local storage?
How can we update the access token?
Is there another place where we need to set the new access_token?
Can we make auth0 register that i have updated the access_token?

Kind regards

ty.frith · March 28, 2023, 12:02am

Hey @IgorAdm !

Thanks for the detailed description of what you’re working with - Is there a reason in particular you aren’t using getTokenSilently() with refresh token rotation?

Let us know!

IgorAdm · March 28, 2023, 6:36am

Hello @tyf,

thank you for your awnser.

We are using the the package “auth0/auth0-react” in our app, so we dont have the “getTokenSilently” call.

We are using the getAccessTokenSilently() after setting the new access token that we got from “/oauth/token” to the local storage. We were hoping that that would register that the user is logged in again but sadly it does not.

We also have the refresh token rotation enabled in our application but it does not seem to be working. Also the Tag in our “_app.tsx” file has the flag “useRefreshTokens” set to true.

ty.frith · April 7, 2023, 11:51pm

Sorry for the delayed response here, and thanks for clarifying!

What exactly do you mean by register that the user is logged in?

Do you mind sharing your Auth0Provider configuration code? Which version of auth0-react are you using?

Let us know if you have a chance!

Topic		Replies	Views
Getting access token using refresh token Get Help sessions , rotating-refresh-tokens	3	1537	August 10, 2023
Getting the Refresh Token From React Auth0 SDK Get Help auth0	2	4604	May 25, 2022
Implementation rotating refresh tokens Get Help jwt , auth0	2	2827	September 24, 2020
How to get refresh token like getAccessTokenSilently? Get Help auth0 , reactjs	3	4231	July 29, 2022
How to get a new access token by current access token or refresh token in auth0-react? Get Help configuration , application	3	7573	March 29, 2023

Setting new access-Token after getting it from /oauth/token endpoint with refresh token

Related topics