Greetings,
Our team is facing some problems with auth0 in mobile apps (both, Android and iOS). We have looked through a lot of topics here but couldn’t find answers to our questions.
The problem we’re facing is auth0 returns “Unknown or invalid refresh token” for some users when the refresh token is not supposed to expire.
We login our users as recommended in the documentation.
iOS
func requestWebAuthLogin(callback: @escaping (Result<Credentials, WebAuthError>) → Void) {
Auth0
.webAuth(client, domain) // we use our client, domain
.scope(“openid offline_access”)
.audience(audience) // we use our audience
.useEphemeralSession()
.parameters([“prompt”: “login”])
.start { /* our callback logic and saving credentials */ }
}
}
Android
login(auth0) // auth0 instance with our client and domain
.withParameters(mapOf(“prompt” to “login”))
.withAudience(audience) // we use our audience
.withScheme(scheme) // we use our scheme
.withScope("openid offline_access")
.start( /* our callback logic and saving credentials */ )
And retrieve the token to reauthenticate them:
iOS
credentialsManager.credentials(minTTL: 6 * 60) {
/* our callback logic */
}
Android
credentialsManager.getCredentials(
null,
6 * 60,
/* our callback logic */
)
Our refresh token configurations are:
