Unlimited refresh token from SPA

Hello, I’m currently trying to generate unlimited refresh token (without any rotation) and fetching it directly thanks the the auth0 react library. I saw it could work only if we enable the refresh token rotation. Then if I enable the refresh token rotation it’s not longer an unlimited refresh token. I know this is not a good practice. But I would like to generate an unlimited token to let my users use this token as an API key into their scripts and then be able to use it without changing it everyday. Do you have a better solution for me ? To answer this use case

BTW I already read this topic Id token and refresh token from in react app - #3 by stephanie.chamblee

Hi @benjamin.coenen,

Welcome to the Auth0 Community!

The Auth0 react library does not have this functionality as it would be insecure.

You should be issuing a set of client credentials as a new third-party application for each developer if you would like to provide your users with developer access to an API. We do not have an API key feature or direct equivalent.

If you search the forum there are topics discussing how to set this up. For example:

Hope this helps!

P.S. If you reply to your own topic it knocks it out of our unanswered queue and will often go unanswered.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.