Lock Android v2 Refreshing JWTs


When an authentication is performed with the offline_access scope included, the returned Credentials will contain a Refresh Token and an ID Token. Both tokens can be used to request a new Access Token and avoid asking the user their credentials again.

We need to store the tokens in a secure storage after a successful authentication. Keep in mind that Refresh Tokens never expire. To request a new token you'll need to use's AuthenticationAPIClient. Don't forget to request the same scope used in the first login call.

Using Refresh Token

Using a non-expired ID Token