Disable Refresh Token Rotation

Disable Refresh Token Rotation

You can disable refresh token rotation for each application using Dashboard or the Management API.

Disable with the Dashboard

  1. Go to Dashboard > Application Settings and scroll to the Application Tokens section.

  2. Next to Refresh Token Behavior select Non-Rotating.

    Disable Refresh Token Rotation Screen

  3. Click Save Changes.

Disable with the Management API

  1. Disable refresh token rotation for each application using the Management API:

    const auth0 = await createAuth0Client({
          domain: '<YOUR AUTH0 DOMAIN>',
          client_id: '<YOUR CLIENT ID>',
          audience: '<YOUR API IDENTIFIER>',
          useRefreshTokens: false
        });

    Was this helpful?

    /

  2. Configure the non-rotating refresh token settings as follows:

    PATCH /api/v2/clients/{client_id}
        {
          "refresh_token": {
        "rotation_type": "non-rotating",
        "expiration_type": "non-expiring"
          }
        }

    Was this helpful?

    /

Learn more