Setting new access-Token after getting it from /oauth/token endpoint with refresh token


we are trying to integrate refresh tokens in our application.

As the token lifetime is to short for us and we cannot financially upgrade to enterprise plan as a startup, we are trying to use the refresh token to keep the user logged in.

We have a custom wrapper in which when the user is not authenticated we do the following:

→ Get the refresh token out of the local storage. (LS key is: ´@@auth0spajs@@::${process.env.AUTH0_CLIENT_ID}::https://${process.env.AUTH0_DOMAIN}/api/v2/::openid profile email offline_access` )
→ Call “/oauth/token” endpoint with grant_type “refresh_token” and the refresh_token from the local storage
→ We get a new access token from the call and with this we replace the current auth0 data in local storage with the new data

But the user is, after redirecting him to the main page, still not authenticated.

Why is auth0 not taking the data from the local storage?
How can we update the access token?
Is there another place where we need to set the new access_token?
Can we make auth0 register that i have updated the access_token?

Kind regards

Hey @IgorAdm !

Thanks for the detailed description of what you’re working with - Is there a reason in particular you aren’t using getTokenSilently() with refresh token rotation?

Let us know!

Hello @tyf,

thank you for your awnser.

We are using the the package “auth0/auth0-react” in our app, so we dont have the “getTokenSilently” call.

We are using the getAccessTokenSilently() after setting the new access token that we got from “/oauth/token” to the local storage. We were hoping that that would register that the user is logged in again but sadly it does not.

We also have the refresh token rotation enabled in our application but it does not seem to be working. Also the Tag in our “_app.tsx” file has the flag “useRefreshTokens” set to true.

Sorry for the delayed response here, and thanks for clarifying!

What exactly do you mean by register that the user is logged in?

Do you mind sharing your Auth0Provider configuration code? Which version of auth0-react are you using?

Let us know if you have a chance!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.