Connect your app to Dropbox

Lock Android v1 Refreshing JWT Tokens


This document covers an outdated version of LockLock for Android. We recommend you to upgrade to v2.

This feature uses delegation. By default, delegation is disabled for tenants without an add-on in use as of 8 June 2017. Legacy tenants who currently use an add-on that requires delegation may continue to use this feature. If delegation functionality is changed or removed from service at some point, customers who currently use it will be notified beforehand and given ample time to migrate.

When an authentication is performed with the offline_access callback URLscope included, it will return a redirect URIRefresh Token that can be used to request a new JWT token and avoid asking the user for their credentials again.

Lock.Android will include the offline_scope scope by default.

Before we start, we have to retrieve the ID Token or Refresh Token from the token when the user logs in.

Then, we need to store the ID Token or Refresh Token in secure storage after the user is authenticated by Auth0. And finally, we can request a new ID Token using either of them by calling Auth0`s delegation endpoint.

1. Login to the developer portal

Using a non-expired ID Token

2. Create your app

Using Refresh Token