Rotated refresh tokens
With rotated refresh tokens, a new token is obtained automatically when a token expires after 24 hours, so that users do not have to log in again each time.
Source code reference
The following handleRequestError function in SetupProject.js handles the refresh and rotation of tokens:
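/**
 * Handles a failed request. When the error carries HTTP status 401, the
 * method either logs the user out (authType 'implicit') or exchanges the
 * stored refresh token for a new access token (authType 'pkce').
 *
 * @param {object} error - Request error; the status is read from
 *   `error.errorResult.status`.
 * @returns {Promise<void>}
 */
async handleRequestError(error) {
  console.error(error);

  if (_.get(error, 'errorResult.status') !== 401) {
    return;
  }

  // Re-entrancy guard: only the first 401 is acted on.
  // NOTE(review): this flag is not cleared anywhere in this method, so after a
  // successful PKCE refresh a later 401 would be ignored unless it is reset
  // elsewhere in the class. Confirm.
  if (this.isSigningOut) {
    return;
  }
  this.isSigningOut = true;

  if (endPointConfig.authType === 'implicit') {
    // The implicit flow has no refresh token, so the user is logged out.
    this.state.action.userLogout();
    return;
  }

  if (endPointConfig.authType !== 'pkce') {
    return;
  }

  const tokens = await this.props.authService.getAuthTokens();
  const refreshToken =
    tokens && Object.keys(tokens).length > 0 ? tokens.refresh_token : '';

  // NOTE(review): when no refresh token is stored, or the exchange below yields
  // nothing, the method returns without logging the user out. Confirm that the
  // caller handles that case.
  if (!refreshToken) {
    return;
  }

  const updatedToken = await this.props.authService.fetchToken(refreshToken, true);

  // The token response is deliberately not written to the console: it holds
  // bearer credentials, and console output is readable by browser extensions,
  // shared screens and log collectors.
  if (!updatedToken) {
    return;
  }

  // Hand the new access token to the session before updating component state.
  await IafSession.setAuthToken(updatedToken.access_token, undefined);
  this.setState({ token: updatedToken.access_token });
}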