Stack Overflow
Stack Overflow

Questions tagged [refresh-token]

A Refresh Token is a special kind of token that can be used to obtain a renewed access token —that allows accessing a protected resource— at any time.

999 questions
7
votes
2 answers

How to implement auto refresh in client side(vue.js)?

Note: I have seperated my client(Vue.js) and server(DjangoRest). I'm using JWT to validate every request made from the client to the server. Flow- Client sends user credentials to server. Server sends back a refresh and access token if credentials…
nishant_boro
  • 374
  • 1
  • 2
  • 8
7
votes
1 answer

JWT Token Expiration time failing .net core

I am trying to implement Token Based Authentication through refresh tokens and JWT in .NET Core 2.1. This is how I am implementing the JWT Token: Startup.cs services.AddAuthentication(option => { option.DefaultAuthenticateScheme =…
Abhilash Gopalakrishna
  • 910
  • 2
  • 22
  • 52
7
votes
3 answers

When should an OAuth authorization code expire?

I know that (when using the authorization code "Authorization code" in OAuth), the lifetime of an access-token should be short but the lifetime of a refresh token can be long. So I decided for my project: access-token-lifetime: 1…
hardfork
  • 2,470
  • 1
  • 23
  • 43
7
votes
0 answers

Storing & retrieving Google Oauth2 Access & refresh tokens

I am new to development in the MEAN stack and to Google's OAuth2.0, so please forgive my ignorance. My web app requires a user to sign up using Google's Oauth2.0 to provide the app access to one of the Google APIs. I'm looking for a way to store…
Suparna Gharpure
  • 391
  • 3
  • 10
7
votes
4 answers

IdentityServer4 refresh token invalid grant

I'm having some issues on requesting new refresh tokens in IdentityServer4. Sometime after authentication, I get an Unauthorized response from my API, ok, but when I try to request a new refresh token, I get an invalid_grant from the server. I made…
Rafael Trojack
  • 209
  • 1
  • 5
  • 12
6
votes
3 answers

Why is BFF pattern deemed safer for SPA's?

I am designing a new web application which requires an oAuth2 implementation. I've been reading up on oAuth2 Authorization Code flow with PKCE. That makes sense, it ensures that de client who is initiating the Authorization Code flow is the same…
JarroVGIT
  • 4,291
  • 1
  • 17
  • 29
6
votes
1 answer

JWT refresh token strategy

I see in a blog (here) about Authentication in React with JWT, this setup: access token expiry is 15 minutes , refresh token expiry is 1 month; every 10 minutes the client calls the /refreshToken endpoint, to check if refreshToken is still valid…
MarcoS
  • 17,323
  • 24
  • 96
  • 174
6
votes
1 answer

When should we refresh access token in frontend?

Let's say we have short-lived access token (15 minutes) and long-term refresh token (7 days). When should we ask backend to refresh access token? I see two options: After user logs in we start a countdown to automatically refresh token one minute…
Rocky3582
  • 573
  • 4
  • 7
  • 17
6
votes
1 answer

Google API refresh token has been expired or revoked

I am using a Google Ads php library (https://github.com/googleads/googleads-php-lib) to manage my own google ads account, following Google's instructions here (https://developers.google.com/adwords/api/docs/guides/first-api-call) (I've actually been…
IanS
  • 1,459
  • 1
  • 18
  • 23
6
votes
3 answers

How to get the refresh token from Firebase.auth.currentUser Android Kotlin

I am breaking my head on how to get the refresh token from FirebaseAuth but cannot seem to find how. On iOS, the equivalent is Auth.auth().currentUser?.refreshToken. Any help is highly appreciated.
Tal Zion
  • 6,308
  • 3
  • 50
  • 73
6
votes
6 answers

renew token in signalR after expired token

I create a realtime connection via SignalR From client(angular 9) and server(asp.net core 3.1) and Authorize hub by JWT Token such as below code : private createConnection() { this.hubConnection = new…
mahdi rahimzade
  • 111
  • 1
  • 8
6
votes
2 answers

IdentityServer4 Refresh Token: How to determine expiration time?

I am working with the Identity Server 4 sample code. In particular, for the client I am using the sample MVC Client with the Hybrid flow: https://github.com/IdentityServer/IdentityServer4/tree/master/samples/Clients/src/MvcHybrid And for the server…
anon
  • 4,578
  • 3
  • 35
  • 54
6
votes
1 answer

Azure API Management - how to refresh access token backend API?

I have created an API in Azure API Management to get data from a backend API. The backend API uses oAuth2 with an access token that expires in 10 minutes. With a returned refresh token you can get a new access token, which is again valid for another…
Arie
  • 71
  • 2
6
votes
1 answer

Not returning refresh token from auth code

I'm using googleapis package from node to get refresh token and access token from auth code passed from front-end but every time I get the following error. { error: 'redirect_uri_mismatch', error_description: 'Bad Request' …
ngLover
  • 4,439
  • 3
  • 20
  • 42
6
votes
1 answer

JWT Refresh token and Multi-Page Application

I am going to implement JWT authentication for several independent services. There will be auth.example.com and service1.example.com, service2.example.com etc. My assumptions: JWT can be kept in cookie for ".example.com" JWT expire time should be…
vsespb
  • 134
  • 1
  • 9
1 2 3
66 67