Lock.Android: Refresh JSON Web Tokens
offline_access
scope included, the returned Credentials will contain a Refresh Token and an ID Token. Both tokens can be used to request a new Access Token and avoid asking the user their credentials again.We need to store the tokens in a secure storage after a successful authentication. Keep in mind that Refresh Tokens never expire. To request a new token you'll need to use auth0.android
's AuthenticationAPIClient
. Don't forget to request the same scope used in the first login call.
Using Refresh Token
to configure this snippet with your account
String refreshToken = // Retrieve Refresh Token from secure storage
Auth0 account = new Auth0("YOUR_CLIENT_ID", "YOUR_DOMAIN");
auth0.setOIDCConformant(true);
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
client.renewAuth(refreshToken)
.addParameter("scope", "openid email")
.start(new BaseCallback<Credentials, AuthenticationException>() {
@Override
public void onSuccess(Credentials credentials) {
//SUCCESS
String accessToken = credentials.getAccessToken();
}
@Override
public void onFailure(AuthenticationException error) {
//FAILURE
}
});
Was this helpful?/
Using a non-expired ID Token
to configure this snippet with your account
String idToken = // Retrieve ID Token from the secure storage
Auth0 account = new Auth0("YOUR_CLIENT_ID", "YOUR_DOMAIN");
auth0.setOIDCConformant(true);
AuthenticationAPIClient client = new AuthenticationAPIClient(auth0);
client.delegationWithIdToken(idToken)
.setScope("openid email")
.start(new BaseCallback<Delegation, AuthenticationException>() {
@Override
public void onSuccess(Delegation delegation) {
//SUCCESS
String idToken = delegation.getIdtoken();
}
@Override
public void onFailure(AuthenticationException error) {
//FAILURE
}
});
Was this helpful?/