Lock Android v2 Refreshing JWTs


This feature uses delegation. By default, delegation is disabled for tenants without an add-on in use as of 8 June 2017. Legacy tenants who currently use an add-on that requires delegation may continue to use this feature. If delegation functionality is changed or removed from service at some point, customers who currently use it will be notified beforehand and given ample time to migrate.

When an authentication is performed with the offline_access scope included, the returned Credentials will contain a Refresh Token and an ID Token. Both tokens can be used to request a new Access Token and avoid asking the user their credentials again.

We need to store the tokens in a secure storage after a successful authentication. Keep in mind that Refresh Tokens never expire. To request a new token you'll need to use's AuthenticationAPIClient. Don't forget to request the same scope used in the first login call.

Using Refresh Token

Using a non-expired ID Token