SPA & Refresh Token

dedicatedmanagers · May 11, 2020, 10:49pm

In the post How does auth0-spa-js store tokens, @mathiasconradt a Sr. Solutions Engineer for Auth0 writes:

There’s never a refresh token in a SPA scenario.

Yet there’s a knowledge article on Auth0 about using Refresh Tokens with SPAs:

Auth0 recommends using Refresh Token Rotation which provides a secure method for using Refresh Tokens in SPAs while providing end-users with seamless access to resources without the disruption in UX caused by browser privacy technology like ITP.

Why the discrepancy? (or am I misunderstanding something)

dan.woda · May 11, 2020, 11:04pm

Hi again @dedicatedmanagers,

The original topic you linked is from before we used refresh token rotation.

I will update it, thanks for bringing it to our attention.

dedicatedmanagers · May 12, 2020, 2:33am

That’s what I figured, just wanted to see it in writing. Thanks!

dan.woda · May 12, 2020, 8:44pm

If you see other outdated topics feel free to DM a mod or flag it. Thanks again!

system · May 27, 2020, 8:57pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How does auth0-spa-js store tokens Help refresh-tokens	8	16399	September 27, 2019
Renewal of tokens in a SPA Help spa , refresh-tokens , tokens	3	7127	March 2, 2018
If SPA's don't use refresh tokens, why is there a setting for them? Help	4	2938	August 12, 2020
How to Use Refresh Tokens in a SPA? Knowledge Articles auth0 , spa , refresh-tokens	0	576	June 3, 2024
New auth0 spa js Help	4	3164	October 4, 2019

SPA & Refresh Token

Related Topics