Questions tagged [refresh-token]

A Refresh Token is a special kind of token that can be used at any time to obtain a renewed access token, which in turn allows access to a protected resource.

999 questions
9 votes, 2 answers

How can I refresh tokens in Spring security

This line: Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody(); Throws an error like this when my jwt token expires: JWT expired at 2020-05-13T07:50:39Z. Current time: 2020-05-16T21:29:41Z. More specifically, it is this…
9 votes, 5 answers

OAuth 2.0 Refresh Token multiple Tabs

When using the OAuth 2.0 JWT Refresh token implementation I came across the issue that it's really difficult to implement a solid Refresh Strategy on the Web Browser Client Side. Multiple Tabs can lead to a racing condition with the requests. The…
t16n
9 votes, 2 answers

Implicit Flow with silent refresh in React

Background I'm testing Implicit Flow auth in my React app and trying to implement so-called Silent Refresh capabilities, where I periodically ask for a new access token while the user is logged in, without the need to ask him for a new…
8-Bit Borges
9 votes, 1 answer

Handling Refresh Token in React Native

I have an app authenticating fine and returning the access_token and refresh_token. I store them with AsyncStorage and save/get the access_token with redux. This is the very first app I am building and I am struggling with how and where to use the…
Jeff
9 votes, 1 answer

Why use JWT refresh token

I'm not sure I understand the concept of refresh tokens. I know what they do - store them somewhere and whenever the access token expires, get a new access token with them. It is obviously very important to not leak this refresh token because…
Wolfgang
9 votes, 1 answer

When to pass refresh token to API

I am trying to access an authorization server that issues short lived access tokens and longer lived refresh tokens when a user presents a username and password. Should the client pass the refresh token on every call to the API along with the…
webworm
8 votes, 2 answers

Keycloak client credentials grant type with refresh token

I have a client in keycloak (7.0.0) with given configuration - highlighted option "enables support for 'Client Credentials Grant'": When I obtain a token for that client (POST /auth/realms/{my-realm}/protocol/openid-connect/token), I receive a…
8 votes, 1 answer

Should Refresh Tokens Be Deleted on Logout?

I am using access tokens and refresh tokens to authenticate my users for my asp.net core 2 api. When a user physically clicks the logout button, I clear the local storage that contains the access token and refresh token. But I am wondering if I should…
chobo2
8 votes, 2 answers

IdentityServer4 - How to store refresh token into database using mysql.data?

I'm new at IdentityServer4. I read I need to implement an IPersistedGrantStore to store refresh tokens into a table like PersistedGrants in my database. IdentityServer logs are the following when my native app asks for a new access token:…
Mini Dev 1
8 votes, 2 answers

How to handle multiple responses in Angular responseError interceptor

I'm currently using the following code to rethrow a request that returns a 401 from my API: responseError: function(rejection) { var authData = localStorageService.get('authorizationData'); if (rejection.status ===…
RandomUs1r
8 votes, 2 answers

Firebase refresh-token expiration

While testing the security of one of our products, a web application, using the REST API of Firebase we got surprised when we realised that refresh-tokens never expire in the V3 of the Firebase implementation, allowing any refresh-token to create new…
Robin Goupil
8 votes, 3 answers

How to refresh data after refresh token refreshes jwt

I've been trying to get my refresh token to work for a while now, and I hope I'm close. My token refreshes and triggers a subsequent 200 call to whatever call caused the 401, but the data on my page doesn't refresh. When an access token expires,…
RandomUs1r
7 votes, 0 answers

httpOnly cookie in react-native for JWT refresh-token

I have an express-node server. I send JWT access token in response and also a JWT refresh token via httpOnly cookie only. When using it in browser, that refresh token is automatically sent with every subsequent request. But when I tried to use…
7 votes, 3 answers

[OAuth][Keycloak] invalid_grant session not active when trying to use refresh_token

I'm trying to refresh the oauth2 token using ClientOAuth2.Token.refresh() but keep getting the error sometimes: {"error":"invalid_grant","error_description":"Session not active"} This is the request which I captured by Fiddler POST [URL]=…
user10613920
7 votes, 1 answer

How to fix 'error: invalid_grant Invalid authorization code' when asking for refresh_token from Spotify API?

I'm trying to receive refresh_token for my Ionic app, I successfully receive access_token. I receive code (authorization_code or access_token) from endpoint https://accounts.spotify.com/authorize?client_id= in my TypeScript project, I pass it to…
user3057645