Problems getting a new refreshToken
Good evening! I’m facing an issue with refreshToken generation. When I request a new token based on the refreshToken, I receive a valid new token, but the refreshToken returned is the same one I used in the request. Over time, this refreshToken becomes invalid. I’m performing the refresh for a client via M2M.
Does anyone know if this behavior is expected or if it might be an issue with Kinde after the latest update?
6 Replies
Hello @Marcos Knopp I've asked the team for you
Hey Marcos. We had an incident yesterday that impacted token exchange with the Kinde Management API. We deployed fixes. Please let us know if you still have the issue.
Thanks for the feedback Claire, unfortunately I'm still facing the same problem of receiving the same refreshToken that I sent in the request.
I'm using Go in my application, and until 1 or 2 days before I contacted support, it was working normally. The documentation says that when using a refreshToken to generate a new token, a new refreshToken is also generated, is that correct?
Yes. I believe that is correct. Thanks for the update. We will follow up again with our team.
Ok, I await your response regarding the case. Thank you.
@Marcos Knopp you will get the same access token, until it expires. Kinde maintains the active OIDC session, rather than maintaining the freshness of the data for each refresh token. This aligns closer to the OIDC standard specifying the token claims should be quite static during the active session.
You have 2 options to influence this behavior:
1. Change the access token TTL in settings to a lower TTL, which makes the token shorter-lived as a compromise
2. Use the refresh claims API endpoint after any major modifications to the user you'd like to be included during the next token refresh. This will force the next refresh to update the access token with the current user data (https://kinde.com/api/docs/#refresh-user-claims-and-invalidate-cache)
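Added example, not part of the thread and not Kinde's or the poster's code: a Go client-side handler that tolerates both behaviours discussed above, storing a refresh token only when the response carries a different one and signalling re-authentication when the token is rejected. It assumes the standard OAuth 2.0 JSON token response fields (RFC 6749); `TokenStore`, `Apply` and `ErrReauth` are hypothetical names, and the token values are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ErrReauth means the refresh token was rejected and a fresh grant is required.
var ErrReauth = errors.New("refresh token rejected: re-authenticate")

// tokenResponse covers the RFC 6749 success (5.1) and error (5.2) fields used here.
type tokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	Error        string `json:"error"`
}

// TokenStore is a hypothetical in-memory holder for the current token pair.
type TokenStore struct{ Access, Refresh string }

// Apply consumes one refresh response (HTTP status and body) and reports
// whether the server rotated the refresh token.
func (s *TokenStore) Apply(status int, body []byte) (bool, error) {
	var r tokenResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return false, fmt.Errorf("decode token response: %w", err)
	}
	if r.Error == "invalid_grant" {
		s.Access, s.Refresh = "", "" // drop credentials the server no longer accepts
		return false, ErrReauth
	}
	if status != 200 || r.AccessToken == "" {
		return false, fmt.Errorf("refresh failed: status %d, error %q", status, r.Error)
	}
	s.Access = r.AccessToken
	// The server may omit refresh_token or return the same value: keep ours.
	if r.RefreshToken == "" || r.RefreshToken == s.Refresh {
		return false, nil
	}
	s.Refresh = r.RefreshToken // rotated: the old value must not be sent again
	return true, nil
}

func main() {
	s := &TokenStore{Access: "at-0", Refresh: "rt-0"} // constructed sample values
	rotated, err := s.Apply(200, []byte(`{"access_token":"at-1","refresh_token":"rt-0"}`))
	fmt.Println(rotated, err, s.Refresh)
}
```

Logging the returned rotation flag per refresh makes a change in server behaviour visible before the stored refresh token reaches the end of its lifetime.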