We are trying to integrate refresh tokens in our application.
As the token lifetime is too short for us and we cannot financially upgrade to the enterprise plan as a startup, we are trying to use the refresh token to keep the user logged in.
We have a custom wrapper in which when the user is not authenticated we do the following:
→ Get the refresh token out of the local storage. (LS key is: `@@auth0spajs@@::${process.env.AUTH0_CLIENT_ID}::https://${process.env.AUTH0_DOMAIN}/api/v2/::openid profile email offline_access`)
→ Call “/oauth/token” endpoint with grant_type “refresh_token” and the refresh_token from the local storage
→ We get a new access token from the call and with this we replace the current auth0 data in local storage with the new data
But the user is, after redirecting him to the main page, still not authenticated.
Why is auth0 not taking the data from the local storage?
How can we update the access token?
Is there another place where we need to set the new access_token?
Can we make auth0 register that I have updated the access_token?
Thanks for the detailed description of what you’re working with - Is there a reason in particular you aren’t using getTokenSilently() with refresh token rotation?
We are using the package “auth0/auth0-react” in our app, so we don't have the “getTokenSilently” call.
We are using the getAccessTokenSilently() after setting the new access token that we got from “/oauth/token” to the local storage. We were hoping that that would register that the user is logged in again but sadly it does not.
We also have the refresh token rotation enabled in our application but it does not seem to be working. Also the Tag in our “_app.tsx” file has the flag “useRefreshTokens” set to true.
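The refresh exchange described in the opening post, as an added example that is not code from the thread or from the Auth0 SDK. It shows that with rotation enabled the refresh token returned by each call must replace the stored one, and that a rejected exchange should clear local tokens. `DOMAIN`, `CLIENT_ID`, `refreshTokens`, `makeFakeEndpoint` and all token values are assumptions, and the fake endpoint is a constructed stand-in so the code runs offline.

```javascript
// Added example: refresh_token grant against /oauth/token with rotation handling.
// Domain, client id and token values are constructed placeholders.
const DOMAIN = "tenant.example.com"; // placeholder for AUTH0_DOMAIN
const CLIENT_ID = "exampleClientId"; // placeholder for AUTH0_CLIENT_ID

// Exchange the stored refresh token; fetchImpl is injected so this runs offline.
async function refreshTokens(stored, fetchImpl, now = Date.now()) {
  const res = await fetchImpl(`https://${DOMAIN}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "refresh_token",
      client_id: CLIENT_ID,
      refresh_token: stored.refresh_token,
    }).toString(),
  });
  const json = await res.json();
  if (!res.ok) {
    // e.g. invalid_grant: the refresh token was already used, expired or revoked.
    // Drop local tokens; the user has to go through an interactive login again.
    return { ok: false, error: json.error, stored: null };
  }
  return {
    ok: true,
    stored: {
      access_token: json.access_token,
      // With rotation the response carries a new refresh token; the old one is spent.
      refresh_token: json.refresh_token ?? stored.refresh_token,
      expires_at: now + json.expires_in * 1000,
    },
  };
}

// Constructed stand-in for a rotating token endpoint: each refresh token works once.
function makeFakeEndpoint(initialRefreshToken) {
  let valid = initialRefreshToken;
  let n = 0;
  return async (url, init) => {
    const sent = new URLSearchParams(init.body).get("refresh_token");
    if (sent !== valid) {
      return { ok: false, status: 403, json: async () => ({ error: "invalid_grant" }) };
    }
    valid = `rt-${++n}`;
    const body = { access_token: `at-${n}`, refresh_token: valid, expires_in: 3600 };
    return { ok: true, status: 200, json: async () => body };
  };
}
```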