SPA & Refresh Token

dedicatedmanagers · May 11, 2020, 10:49pm

In the post How does auth0-spa-js store tokens, @mathiasconradt a Sr. Solutions Engineer for Auth0 writes:

There’s never a refresh token in a SPA scenario.

Yet there’s a knowledge article on Auth0 about using Refresh Tokens with SPAs:

Auth0 recommends using Refresh Token Rotation which provides a secure method for using Refresh Tokens in SPAs while providing end-users with seamless access to resources without the disruption in UX caused by browser privacy technology like ITP.

Why the discrepancy? (or am I misunderstanding something)

dan.woda · May 11, 2020, 11:04pm

Hi again @dedicatedmanagers,

The original topic you linked is from before we used refresh token rotation.

I will update it, thanks for bringing it to our attention.

dedicatedmanagers · May 12, 2020, 2:33am

That’s what I figured, just wanted to see it in writing. Thanks!

dan.woda · May 12, 2020, 8:44pm

If you see other outdated topics feel free to DM a mod or flag it. Thanks again!

system · May 27, 2020, 8:57pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.