Disable Refresh Token Rotation

You can disable refresh token rotation for each application using the Dashboard or the Management API.

Disable with the Dashboard

  1. Go to Dashboard > Application Settings and scroll to the Application Tokens section.

  2. Next to Refresh Token Behavior select Non-Rotating.

  3. Click Save Changes.

Disable with the Management API

  1. Disable refresh token rotation for each application using the Management API:

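    import createAuth0Client from '@auth0/auth0-spa-js';

    // Create the SPA SDK client with refresh tokens turned off.
    const auth0 = await createAuth0Client({
      domain: '<YOUR AUTH0 DOMAIN>',
      client_id: '<YOUR CLIENT ID>',
      audience: '<YOUR API IDENTIFIER>',
      useRefreshTokens: false
    });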

  2. Configure the non-rotating refresh token settings as follows:

    PATCH /api/v2/clients/{client_id}
    {
      "refresh_token": {
        "rotation_type": "non-rotating",
        "expiration_type": "non-expiring"
      }
    }
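
An added example (not part of the original page and not Auth0's own code) that builds the step 2 PATCH request and audits client objects for the two settings it sets. The function names, the hostname check and the sample client IDs are assumptions made for illustration.

```javascript
// Settings taken from step 2 of the page.
const NON_ROTATING = { rotation_type: 'non-rotating', expiration_type: 'non-expiring' };

// Build the PATCH request from step 2. All three arguments are caller-supplied;
// the Management API token needs the update:clients scope.
function buildDisableRotationRequest(domain, clientId, mgmtToken) {
  // Assumption: accept only a bare hostname so the bearer token goes to that host only.
  if (!/^[A-Za-z0-9.-]+$/.test(domain)) throw new Error('invalid tenant domain');
  return {
    url: `https://${domain}/api/v2/clients/${encodeURIComponent(clientId)}`,
    init: {
      method: 'PATCH',
      headers: { Authorization: `Bearer ${mgmtToken}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({ refresh_token: NON_ROTATING }),
    },
  };
}

// List which of the two step 2 settings a client object carries.
function refreshTokenFindings(client) {
  const rt = client.refresh_token || {};
  const findings = [];
  if (rt.rotation_type === 'non-rotating') findings.push('not-rotated-on-use');
  if (rt.expiration_type === 'non-expiring') findings.push('never-expires');
  return findings;
}

// Send the request, then report what the tenant actually stored.
async function disableRotation(domain, clientId, mgmtToken, fetchImpl = globalThis.fetch) {
  const { url, init } = buildDisableRotationRequest(domain, clientId, mgmtToken);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`PATCH failed: HTTP ${res.status}`);
  return refreshTokenFindings(await res.json());
}

// Audit an inventory of client objects; keep those with at least one finding.
function auditClients(clients) {
  return clients
    .map((c) => ({ client_id: c.client_id, findings: refreshTokenFindings(c) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample inventory (not real applications).
const SAMPLE_CLIENTS = [
  { client_id: 'constructed-spa', refresh_token: { rotation_type: 'rotating', expiration_type: 'expiring' } },
  { client_id: 'constructed-legacy', refresh_token: { rotation_type: 'non-rotating', expiration_type: 'non-expiring' } },
  { client_id: 'constructed-mobile', refresh_token: { rotation_type: 'non-rotating', expiration_type: 'expiring' } },
];
```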
    
    
