Lock Android v1 Refreshing JWT Tokens


This document covers an outdated version of Lock for Android. We recommend you to upgrade to v2

When an authentication is performed with the offline_access scope included, it will return a Refresh Token that can be used to request a new JWT token and avoid asking the user for their credentials again.

Lock.Android will include the offline_scope scope by default.

Before we start, we have to retrieve the ID Token or Refresh Token from the token when the user logs in.

Then, we need to store the ID Token or Refresh Token in secure storage after the user is authenticated by Auth0. And finally, we can request a new ID Token using either of them by calling Auth0`s delegation endpoint.

Using a non-expired ID Token

Using Refresh Token