SPA & Refresh Token

In the post How does auth0-spa-js store tokens, @mathiasconradt, a Sr. Solutions Engineer for Auth0, writes:

There’s never a refresh token in a SPA scenario.

Yet there’s a knowledge article on Auth0 about using Refresh Tokens with SPAs:

Auth0 recommends using Refresh Token Rotation which provides a secure method for using Refresh Tokens in SPAs while providing end-users with seamless access to resources without the disruption in UX caused by browser privacy technology like ITP.

Why the discrepancy? (Or am I misunderstanding something?)

Hi again @dedicatedmanagers,

The original topic you linked is from before we used refresh token rotation.

I will update it, thanks for bringing it to our attention.

That’s what I figured, just wanted to see it in writing. Thanks!

If you see other outdated topics, feel free to DM a mod or flag them. Thanks again!

