Identity Lab 2 Exercise 3 - Working with Refresh Tokens

Right now, if your users stay logged in for too long and try to refresh the / page, they will face a problem. Access tokens were designed to be passed between different services over the network (which makes them more prone to leakage), so they should expire quickly. Once an access token has expired, your API won't accept it anymore, and your web application won't be able to fetch the data it needs. A token expired error will be returned instead. To change this behavior, you can make your web app take advantage of yet another token: the refresh token. A refresh token is used to obtain new access tokens and/or ID tokens from the authorization server. In this exercise, we're going to modify the application to obtain a refresh token and use it to get a new access token when the current one expires.
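The refresh flow described above, as an added example that is not part of the lab's own code: it decides when a stored access token needs replacing, builds the refresh_token grant request defined in RFC 6749 section 6, and merges the response, keeping the old refresh token when the server does not rotate it. The endpoint URL, the client credentials, the stored token shape and every function name are assumptions made for illustration.

```javascript
// Added example. TOKEN_ENDPOINT, the credentials and all function names are
// hypothetical; request and response fields follow RFC 6749 section 6.
const TOKEN_ENDPOINT = 'https://auth.example.test/oauth/token'; // placeholder
const SKEW_SECONDS = 30; // refresh slightly early to absorb clock drift

// True when the access token is missing or within SKEW_SECONDS of expiry.
function needsRefresh(tokens, nowSec) {
  return !tokens.accessToken || nowSec >= tokens.expiresAt - SKEW_SECONDS;
}

// Form-encoded body for the refresh_token grant (confidential client assumed).
function buildRefreshBody(tokens, clientId, clientSecret) {
  if (!tokens.refreshToken) throw new Error('no refresh token: user must log in again');
  return new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: tokens.refreshToken,
    client_id: clientId,
    client_secret: clientSecret,
  }).toString();
}

// Merge the token endpoint's JSON response into the stored token set.
function applyRefreshResponse(tokens, body, nowSec) {
  if (body.error || !body.access_token) {
    // e.g. invalid_grant: the refresh token was revoked or has expired
    throw new Error(`refresh failed: ${body.error || 'no access_token'}`);
  }
  return {
    accessToken: body.access_token,
    expiresAt: nowSec + (Number(body.expires_in) || 0), // no lifetime given: treat as expired
    // With rotation the server sends a new refresh token; otherwise keep the old one.
    refreshToken: body.refresh_token || tokens.refreshToken,
  };
}

// Returns a usable token set, calling the token endpoint only when needed.
async function getValidTokens(tokens, clientId, clientSecret, httpPost = postForm) {
  const now = Math.floor(Date.now() / 1000);
  if (!needsRefresh(tokens, now)) return tokens;
  const body = await httpPost(TOKEN_ENDPOINT, buildRefreshBody(tokens, clientId, clientSecret));
  return applyRefreshResponse(tokens, body, now);
}

async function postForm(url, form) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  const res = await fetch(url, { method: 'POST', headers, body: form });
  return res.json();
}
```

Keep the refresh token on the server side of the web app (for example in the session store) and discard the whole token set when the refresh call fails, so the user is sent back through login.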
