Lock Android v1 Refreshing JWT Tokens

Versionv1

This document covers an outdated version of Lock for Android. We recommend you to upgrade to v2

When an authentication is performed with the offline_access scope included, it will return a Refresh Token that can be used to request a new JWT token and avoid asking the user their credentials again.

Lock.Android will include the offline_scope scope by default.

Before we start, we have to retreive id_token or refresh_token from the token when a the user logs in.

private BroadcastReceiver authenticationReceiver = new BroadcastReceiver() {
    @Override
    public void onReceive(Context context, Intent intent) {
        Token token = intent.getParcelableExtra(Lock.AUTHENTICATION_ACTION_TOKEN_PARAMETER);
        String idToken = token.getIdToken();
        String refreshToken = token.getRefreshToken();
        // Store id_token or refresh_token in a secure storage
    }
};

Then, we need to store id_token or refresh_token in a secure storage after the user is authenticated by Auth0. And finally, you can request a new id_token using either of them by calling to Auth0`s delegation endpoint.

Using a non-expired id_token

String idToken = // Retrieve id_token from the secure storage
Lock lock = LockContext.getLock(this);
AuthenticationAPIClient client = lock.getAuthenticationAPIClient();
client.delegationWithIdToken(idToken).start(new RefreshIdTokenCallback() {
    @Override
    public void onSuccess(String idToken, String tokenType, int expiresIn) {
        //SUCCESS
    }

    @Override
    public void onFailure(Throwable error) {
        //FAILURE
    }
});

Using refresh_token

String refreshToken = // Retrieve refresh_token from the secure storage
Lock lock = LockContext.getLock(this);
AuthenticationAPIClient client = lock.getAuthenticationAPIClient();
client.delegationWithRefreshToken(refreshToken).start(new RefreshIdTokenCallback() {
    @Override
    public void onSuccess(String idToken, String tokenType, int expiresIn) {
        //SUCCESS
    }

    @Override
    public void onFailure(Throwable error) {
        //FAILURE
    }
});