I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so its been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh...

I am working on a admin app in reactjs which uses redux for state management. In my app when user log in it gets access_token and refresh _token. access_token which gets expired after 5 min. after ...

I am using AWS Cognito for my web app. I logged into my webapp and got the access / refresh tokens from browser dev mode. The access token can be decoded on https://jwt.io/: The header is { "...

I am breaking my head on how to get the refresh token from FirebaseAuth but cannot seem to find how. On iOS, the equivalent is Auth.auth().currentUser?.refreshToken. Any help is highly appreciated....

I see in a blog (here) about Authentication in React with JWT, this setup: access token expiry is 15 minutes , refresh token expiry is 1 month; every 10 minutes the client calls the /refreshToken e...

I have to confess I've had this question for a very long time and never really understood. Say an auth token is like a key to a safe; when it expires it's not usable anymore. Now we're given a magi...

I've been reading about this for a while, and nothing makes sense, and the explanations are conflicting, and the comments are proving that. So far what I understood is that JWTs are storing informa...

If I understood the refresh token rotation right, it means that every time we request a new access token, we also get a new refresh token. If a refresh token is used more than once - we invalidate ...

I am working with the Identity Server 4 sample code. In particular, for the client I am using the sample MVC Client with the Hybrid flow: https://github.com/IdentityServer/IdentityServer4/tree/mast...

Let's say we have short-lived access token (15 minutes) and long-term refresh token (7 days). When should we ask backend to refresh access token? I see two options: After user logs in we start a c...

Keycloak refresh token lifetime is 1800 seconds: "refresh_expires_in": 1800 How to specify different expiration time? In Keycloak admin UI, only access token lifespan can be specified: ...

I am using a Google Ads php library (https://github.com/googleads/googleads-php-lib) to manage my own google ads account, following Google's instructions here (https://developers.google.com/a...

I have a Google OAuth2 client approved by Google, which provides offline access to user's account with required scopes. My backend application stores and uses the refresh token to refresh the acces...

My application uses a Google refresh token (to get access_token from Google). I have two questions here: I know Google refresh token does not expire for 6 months (see the doc here); say I got a re...

We've got this document that explains how to set up Keep Me Signed In (KMSI) using Custom Policy: https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-keep-me-signed-in OK, gr...

In the context of a Single-Page Application (JavaScript) authenticating with an OIDC Server, the standard and recommended way to keep the session alive (getting more tokens after they expire) is to...

We have Google OAuth2 Web client at Google API Console With the help of Oauth Web Client, we get Refresh token for each Users ( By using web Authentication & Concert Screen ) We store received...

I'm using JWTs for authenticating users for my app. When a user logs in they are given an access token and a refresh token. To keep the refresh token safe, I don't store it on the client-side, but ...

This line: Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody(); Throws an error like this when my jwt token expires: JWT expired at 2020-05-13T07:50:39Z. Current time: 2020-05...

Note: I have seperated my client(Vue.js) and server(DjangoRest). I'm using JWT to validate every request made from the client to the server. Flow- Client sends user credentials to server. Server ...

I am trying to refresh access token if current access token is expired. I am sending multiple requests at one time and I want to make a kind of a queue, so other requests won't request refreshing ...

I have an app authenticating fine and returning the access_token and refresh_token. I store them with AsyncStorage and save/get the access_token with redux. This is the very first app I am building...

How does my Spring Boot client application access a refresh token supplied by e.g. Google in Spring Security 5? Pretty simple question. The remote authorization server (e.g. Google) sends a refres...

API request using JWT is implemented in flask and Vue.js. The JWT is stored in a cookie, and the server validates the JWT for each request. If the token has expired, a 401 error will be returned. ...

I have an express-node server . I send JWT access token in response and also a JWT refresh token via httpOnly cookie only . When using it in browser, that refresh token is automatically sent with e...