Refresh Tokens
Access tokens gained during the user authentication process are short-lived and confidential. To avoid re-authentication in applications, a refresh token can be used to obtain a new access token.
Refresh tokens have a longer expiry than access tokens.
Once a refresh token has been used, it cannot be used again to get a new access token. A new refresh token will be issued along with a new access token.
// configuration
const oidc = new AppAuth(
  {
    issuer: new URL("https://auth.oolio.dev"),
    clientId: clientId,
    redirectUrl: `${window.location.origin}/callback`,
  },
  sessionStorage
);
// use refresh_token to get a new access_token
oidc.refreshToken(refreshToken).then(result => {
  // result.refresh_token replaces the refresh token that was just used
  console.log(result.access_token, result.refresh_token);
});
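Because a used refresh token cannot be used again, a client has to keep the newly issued refresh token and must not send the same one from two concurrent calls. The following is an added example, not part of the original page or the library: `makeFakeOidc` and `TokenManager` are hypothetical names, and the fake is a constructed stand-in that only imitates the `refreshToken(...)` call shape shown above (the `invalid_grant` message is an assumption for the fake).

```javascript
// Constructed stand-in for the server side: accepts each refresh token once.
function makeFakeOidc() {
  let n = 0;
  let valid = "rt-0"; // the only refresh token currently accepted
  return {
    calls: 0,
    async refreshToken(rt) {
      this.calls++;
      if (rt !== valid) throw new Error("invalid_grant"); // reused or unknown
      valid = `rt-${++n}`; // rotate: the token just presented is now dead
      return { access_token: `at-${n}`, refresh_token: valid };
    },
  };
}

// Hypothetical helper: one refresh at a time, always with the newest token.
class TokenManager {
  constructor(oidc, refreshToken) {
    this.oidc = oidc;
    this.currentRefreshToken = refreshToken;
    this.inFlight = null;
  }
  refresh() {
    // Concurrent callers share one request instead of each spending the token.
    if (this.inFlight) return this.inFlight;
    this.inFlight = this.oidc
      .refreshToken(this.currentRefreshToken)
      .then((result) => {
        this.currentRefreshToken = result.refresh_token; // keep the rotated token
        return result.access_token;
      })
      .finally(() => { this.inFlight = null; });
    return this.inFlight;
  }
}

async function demo() {
  const oidc = makeFakeOidc();
  const tokens = new TokenManager(oidc, "rt-0");
  const [a, b] = await Promise.all([tokens.refresh(), tokens.refresh()]);
  const c = await tokens.refresh(); // sent with rt-1, not the spent rt-0
  const calls = oidc.calls;
  const reused = await oidc.refreshToken("rt-0").then(() => "accepted", (e) => e.message);
  return { a, b, c, calls, reused };
}

demo().then((r) => console.log(r));
```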