Auth0 Home Blog Docs

What the auth0 behavior using RefreshToken with SSO connection?

sso
refresh-tokens

#1

Hi,

I have a question about the Auth0 behaviour when using RefreshTokens with a SSO connection (third-party).
If i implement my RefreshToken logic with the SSO, does the Auth0 comunicates with the SSO connection defined to know if the third-party account is still valid?? or do i need to somehow make the logic to keep my third-party accounts info synchronized with the Auth0 accounts ?

Best regards,

Daniel M.


#2

@danielfnm When auth0 issues a refresh token it looks at the user in Auth0 not the IdP. So whenever a token is refreshed we use the user, the established authorization grant, and re-run the rules. Unless you write a rule to query the 3rd party API auth0 will not verify the validity of the user at the 3rd party.


#3

@sgmeyer So i researched a bit more and maybe what i need is a Silent Authentication to check the current state of the SSO connection, is that correct or we dont have a way to know what the status of the 3rd-party account?

I saw this in the “GetUserInfo” remarks:

To access the most up-to-date values for the email or custom claims, you must get new tokens. You can log in using silent authentication (where the prompt parameter for your call to the authorize endpoint equals none)

does the Silent Authentication get updated custom claims if they exist or as stated below we always need to Log in again using the external IdP?

To access the most up-to-date values for standard claims that were changed using an external IdP (for example, the user changed their email address in Facebook)., you must get new tokens. Log in again using the external IdP, but not with silent authentication.

Daniel M.