
I'm using the system browser for authentication. Identity Provider - Google

Steps

1 - The user gets authorized by entering a user name and password. I get the authentication_code at this point.

2 - I call the token end point and get access token, id token and refresh token.

When the ID token expires, I need to get a new valid ID token. I need to do this without prompting the user to enter his credentials.

Question - Is it possible to get a new ID token without prompting the user? A refresh token does not always return an ID token, and it's not a guaranteed behavior according to the OpenID specification.

Tried Solution

Calling the authorization end point with "prompt=none,login_hint=username". This still redirects to the browser and comes back to the app.

It responds with an error:

AuthorizationException: {"type":1,"code":1008,"error":"interaction_required"}

theNoob

1 Answer

prompt=none is the way to go; when you receive interaction_required it means that the session at the Provider expired and the user needs to log in again; there's no way around that since you really need to authenticate the user again to prevent abuse. If the SSO session was still valid - which it should be for a short period of time - you would have received your new id_token.

Hans Z.
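
The silent re-authentication flow discussed above, as an added example that is not part of the original posts or of any library's own code: it sends `prompt=none` and `login_hint` as separate query parameters, checks `state` on the redirect, and treats the OpenID Connect "needs UI" errors as the signal to fall back to an interactive login. The client ID, redirect URI, scope and function names are assumptions for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholders: substitute the app's registered client ID and redirect URI.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "EXAMPLE_CLIENT_ID.apps.googleusercontent.com"
REDIRECT_URI = "com.example.app:/oauth2redirect"

# OIDC Core 3.1.2.6: errors meaning prompt=none could not complete without UI.
NEEDS_INTERACTION = {"interaction_required", "login_required",
                     "account_selection_required", "consent_required"}

def build_silent_request(login_hint):
    """Return (url, state, nonce) for a no-UI authorization request."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "prompt": "none",          # its own parameter, not comma-joined
        "login_hint": login_hint,  # its own parameter
        "state": state,            # binds the response to this request
        "nonce": nonce,            # must match the nonce claim in the new ID token
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state, nonce

def handle_redirect(redirect_url, expected_state):
    """Classify the redirect: ('code', value) or ('interactive', error)."""
    query = parse_qs(urlsplit(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this response")
    if "error" in query:
        error = query["error"][0]
        if error in NEEDS_INTERACTION:
            return ("interactive", error)  # provider session gone: show login UI
        raise RuntimeError("authorization failed: " + error)
    return ("code", query["code"][0])  # exchange at the token endpoint
```
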