Stack Overflow
Stack Overflow

Questions tagged [refresh-token]

A Refresh Token is a special kind of token that can be used to obtain a renewed access token —that allows accessing a protected resource— at any time.

999 questions
0
votes
1 answer

Google Auth Exchange Code , Referesh Token and Access Token

I am trying to get the refereh_token, access_token using Google Auth Exchange Code, went through the documentation but it doesn't work, I am using a react-google-login for Auth and getting the code in response and i am passing the…
Narendra Chouhan
  • 2,291
  • 1
  • 15
  • 24
0
votes
2 answers

Office 365 - will access/refresh tokens be invalidated as a result of switching a managed domain to federated?

In other words, will existing users who belong to a managed Office 365 domain be asked to re-authenticate (ex. in Outlook client) as a result of changing the authentication method of the Office 365 domain to federated? I am aware that users are…
Jatin
  • 667
  • 8
  • 16
0
votes
0 answers

Identity Server 4 Refresh Token Storage

I need to store random generated refresh token at server side. For example if user have an active refresh token, then server do not allow this user to generate another refresh token. Server needs to return existing refresh token to user. I think…
Ugur Ozker
  • 95
  • 1
  • 1
  • 9
0
votes
2 answers

Azure v2.0 Refresh Token, returns another Refresh Token

Azure AD is granting my application access tokens and a refresh token. When I use the refresh token to get a new access token, in return I get a new access token and a NEW refresh token. Azure AD does not specify like Google Suite how many…
mfs_1990
  • 203
  • 1
  • 2
  • 6
0
votes
1 answer

Discrepancy in the user roles(authorities) in the access token obtained from grant_type=password and grant_type=refresh_token

I have a situation: Step 1: Obtained access token (grant_type=password) (A1) and also a refresh token.(RT1) Step 2: Accessed resource (R) using the token (A1) - Success Step 3:Revoked user access role for Resource R. Step 4: Obtained access token…
Nikhil
  • 1,021
  • 12
  • 13
0
votes
1 answer

Web API Preventing Refresh Tokens from Leakage - Implementation

I'm tackling with JWT and their Refresh Tokens and couldn't find a good working example that serve performance and security at the same time. Performance:: It must not hit the database every time a token refreshed. Security:: Refresh token should be…
Mehrdad Kamali
  • 87
  • 3
  • 13
0
votes
1 answer

Encrypting refresh token before storing in database via IdentityServer[.EntityFramework]

Is there any way to encrypt the refresh tokens before they are stored in the database when using IdentityServer/IdentityServer.EntityFramework? Are they already encrypted?
Ryan Mendoza
  • 920
  • 1
  • 13
  • 27
0
votes
1 answer

Does Azure ad refresh token for Confidential clients neve expire

In doc https://learn.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes, it said: Confidential clients are applications that can securely store a client password (secret). They can prove that requests are…
Jason Liu
  • 21
  • 5
0
votes
1 answer

Using refresh tokens within AngularJS SPA

What is the correct way to request a new JWT authentication token via refresh tokens within AngularJS? I already have an implementation that, on every API request, checks whether the session needs refreshing and, if so, requests a new token from the…
Chris
  • 26,744
  • 48
  • 193
  • 345
0
votes
1 answer

Oauth Access Tokens: Should I refresh weekly if the tokens have a 30 day expiration?

I'm using an API that by default has it's access tokens expire 30 days after generating/refreshing. Is there a reason I shouldn't simply have a cron job that refreshes the token every week? I would rather set-and-forget rather than dynamically watch…
Oscar A Garcia
  • 173
  • 5
  • 18
0
votes
1 answer

Azure AD returns Unsigned Id Token while requesting renewal using refresh token

I am using Azure AD v1 endpoint to authorize my webapp. On initial authentication , I am not getting access_token to be a valid jwt token. However i am getting id_token to be valid jwt and the acces_token to be value of refresh_token which appears…
NewtonCode
  • 1,322
  • 5
  • 14
  • 25
0
votes
1 answer

Understanding how JWT auth works

I am trying to understand how authentication with jwt works & I have some basic questions. 1) Does the user send both accessToken and refreshToken with each request? 2) If so, how does it send the refreshToken(I know the accessToken is in http…
Soli
  • 842
  • 2
  • 11
  • 24
0
votes
0 answers

How can we use refresh token in an application?

I am using microsoft OWIN to generate access and refresh token at first login.i knew that refresh token is used to issue new access token .but my question is 1.If application is idle and access token is about to expire do we need to generate new…
Siba Prasad Dalai
  • 1
0
votes
1 answer

Refreshing OAuth2 Access Token

I am building web application which will consist of backend and frontend (web) part. I want to introduce auth between these two parts and my intention is to use OAuth2 for that. Frontend part will act as OAuth Client, and backend will serve as OAuth…
patak
  • 33
  • 6
0
votes
1 answer

Problems with refresh tokens in IdentyServer4 and IPersistedGrantStore implementation

I've implemented a custom PersistedGrantStore storing my refresh tokens in a xml file, however I now have problems refreshing my tokens. When I remove following lines, the refresh works services.AddTransient
Tom Janssens
  • 1
  • 1
  • 1
1 2 3
66 67