Solved

Refresh token expired with JWT Auth

  • 31 October 2023


Hello, I'd like to start by apologizing if this is a duplicate - I looked through several other related questions that did not exactly answer what I'm looking for.

My app uses JWT Auth Flow to log in and make calls using RingOut, and I have "Issue refresh tokens?" set to "Yes" in my app settings. In my implementation, I start up a long-running daemon thread, and on initialization I log in to my platform using the JWT token I created for my client ID. I saw post requests and calls being issued as expected when first starting the thread. I expected that my initial login would never expire, and I would continue to be able to make these post requests for as long as I like without re-authenticating.

Recently, I saw a "Refresh token has expired" error when the thread attempted to make a post request. Is this expected? I thought with "Issue refresh tokens" enabled, I could extend a session without needing a refresh token. Another note on my end - I logged in with the same credentials (client ID/secret, server URL, and JWT auth token) from a separate instance. Could this have caused this error?

I am curious if this error is expected, and if so, how can I alter my implementation such that no refresh token is required? Thank you very much in advance for any help.


Best answer by Phong1426275020 31 October 2023, 23:15


3 replies


I don't know the logic you implement in your app to handle tokens so I cannot say much about the root cause.

But you can rely on the value of the "refresh_token_expires_in" to decide if you can use the refresh token or not. And remember that every time you refresh the access token using the refresh token, you will get a new refresh token and new expiration time too.

For the case where you log in to the same app with the same JWT from a separate instance, you can log in from a max of 5 instances. This means that for each user of your app, you can have a max of 5 tokens concurrently. If the same user logs in a 6th time, the first token will be revoked.
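The check described in the answer above (compare against "refresh_token_expires_in", and replace the refresh token after every refresh), as an added example that is not part of the original thread or of any RingCentral SDK. `TokenManager`, `RefreshRejected` and the two injected callables are hypothetical names, and falling back to a new JWT login once the refresh token is unusable is an assumption about how a long-running daemon would recover.

```python
import time

class RefreshRejected(Exception):
    """Raised by the refresh callable when the server rejects the refresh token."""

class TokenManager:
    """Hands out a valid access token, choosing between cached token, refresh and JWT login."""

    def __init__(self, jwt_login, refresh, clock=time.monotonic, skew=60):
        self._jwt_login = jwt_login  # assumed callable: () -> token response dict
        self._refresh = refresh      # assumed callable: (refresh_token) -> token response dict
        self._clock = clock
        self._skew = skew            # act this many seconds before the stated expiry
        self._tok = None
        self._access_deadline = self._refresh_deadline = 0.0

    def _store(self, resp):
        # Both lifetimes are relative to when the response was issued, so
        # convert them to absolute deadlines immediately.
        now = self._clock()
        self._tok = resp
        self._access_deadline = now + resp["expires_in"] - self._skew
        self._refresh_deadline = now + resp["refresh_token_expires_in"] - self._skew

    def access_token(self):
        now = self._clock()
        if self._tok and now < self._access_deadline:
            return self._tok["access_token"]
        if self._tok and now < self._refresh_deadline:
            try:
                # A refresh returns a new refresh token and a new expiry;
                # _store() replaces the old pair so the stale one is never reused.
                self._store(self._refresh(self._tok["refresh_token"]))
                return self._tok["access_token"]
            except RefreshRejected:
                pass  # e.g. token revoked server-side; fall through to JWT login
        self._store(self._jwt_login())
        return self._tok["access_token"]

if __name__ == "__main__":
    # Constructed stand-ins for the real HTTP calls; lifetimes are sample values.
    def fake_login():
        return {"access_token": "A-login", "expires_in": 3600,
                "refresh_token": "R-login", "refresh_token_expires_in": 604800}
    def fake_refresh(rt):
        raise RefreshRejected("constructed failure")
    tm = TokenManager(fake_login, fake_refresh)
    print(tm.access_token())
```

In a real daemon the two callables would wrap the HTTP token requests, and token values should be kept out of logs.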

Thank you for the response. I did not have more than 5 instances (only 2) so that does not appear to be the root cause.

I am still confused on JWT Auth Flow though. Is there a way such that when I log in using my JWT token, I never have to re-authenticate and the session will run forever? That was the behavior I was expecting.

The reason I expected this behavior is based on this page https://developers.ringcentral.com/guide/authentication/jwt-flow which says that "Credentials do not expire (unless you elect otherwise)". It seems I may have misinterpreted this though?
