Refresh Tokens - Are they supposed to change?

  • 7 July 2020
  • 4 replies

When calling Refresh(RefreshToken) I expect that a new access token is provided but it looks like a whole new refresh token is being provided too. Is that intentional?

4 replies

Yes, if you generate an access token from a refresh token, in exchange the refresh token gets expired, so that no more access tokens can be generated from that same refresh token.

However, it can be used as long as the access token remains active, and it gets expired once a new access token gets generated.

@Anirban Sen Chowdhary -

Is there a type of refresh token that is persistent? One that won't change every time?

I'm trying to avoid concurrent uses of our app stepping on each other's toes when it comes to the refresh token.

Every time you use a valid/unexpired refresh token to exchange for a new access token, you will get a new access token and a new refresh token. The new access token will be valid again for 3600 seconds and the new refresh token will be valid again for 7 days. This helps you avoid re-login as long as you handle this well and your refresh token is not expired.
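One way to handle the rotation described in the answer above when several threads share one login, as an added example that is not part of the original thread or of the vendor's SDK: a single shared manager serializes the refresh and stores the new refresh token before any other caller can present the old one. `FakeAuthServer`, `TokenManager` and `run_workers` are hypothetical names, and the constructed stand-in server assumes the old refresh token is rejected as soon as it has been exchanged.

```python
import secrets
import threading
import time

class FakeAuthServer:
    """Constructed stand-in for a token endpoint with strict refresh-token rotation."""
    def __init__(self, initial_refresh_token):
        self._valid = initial_refresh_token
        self._lock = threading.Lock()

    def refresh(self, refresh_token):
        with self._lock:
            if refresh_token != self._valid:
                raise PermissionError("invalid_grant: refresh token already used")
            self._valid = "rt-" + secrets.token_hex(8)
            return {"access_token": "at-" + secrets.token_hex(8),
                    "refresh_token": self._valid, "expires_in": 3600}

class TokenManager:
    """One instance shared by all workers; only one refresh is ever in flight."""
    def __init__(self, server, refresh_token, skew=60):
        self._server, self._refresh_token, self._skew = server, refresh_token, skew
        self._access_token, self._expires_at = None, 0.0
        self._lock = threading.Lock()
        self.refresh_calls = 0

    def get_access_token(self):
        with self._lock:
            if self._access_token is None or time.monotonic() >= self._expires_at - self._skew:
                resp = self._server.refresh(self._refresh_token)
                # The old refresh token is dead now: store the new pair before unlocking.
                self._refresh_token = resp["refresh_token"]
                self._access_token = resp["access_token"]
                self._expires_at = time.monotonic() + resp["expires_in"]
                self.refresh_calls += 1
            return self._access_token

def run_workers(manager, n=8):
    # Call get_access_token() from n threads at once; return (tokens, errors).
    tokens, errors = [], []
    def work():
        try:
            tokens.append(manager.get_access_token())
        except PermissionError as exc:
            errors.append(str(exc))
    threads = [threading.Thread(target=work) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return tokens, errors
```

Across separate processes or machines the same idea needs a shared store with a lock or compare-and-swap on the stored refresh token, since an in-process lock only covers threads.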

@Phong Vu is there a way to get a new access token without refreshing the refresh token?