FusionAuth

Refresh tokens going stale

  • D
    dan
    last edited by 17 Nov 2020, 23:07

    Will the refresh token go “stale” and be invalid if there is a set amount of time without any activity on a refresh token? Example:

    Bob authenticates and obtains an authentication token as well as a refresh token. He does not use the refresh token for > 24 hours. When he attempts to use it to obtain a new authentication token, which will happen?

    1. He’ll get a new auth token via the refresh token since its expiry is 2 weeks
    2. He’ll have to reauthenticate because ??

    --
    FusionAuth - Auth so modern you can download it.
    https://fusionauth.io

    • D
      dan
      last edited by 17 Nov 2020, 23:08

      This is configurable. Go to https://fusionauth.io/docs/v1/tech/core-concepts/tenants/#jwt (though the screencaps are a bit out of date) but you’ll go there in your instance.

      You’ll see refresh token settings.

      If you’re using a fixed expiration, then it never expires based on last usage, but just based upon time since it was issued.

      If you’re using a sliding window expiration, then it will expire based upon the time since it was last used.

      --
      FusionAuth - Auth so modern you can download it.
      https://fusionauth.io
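
The two expiration policies described in the answer above, as a small added Python model that is not part of the original posts and is not FusionAuth's code. The class, the policy names and the timeline of uses are constructed for illustration; the two-week duration comes from the question.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

FIXED = "fixed"              # hypothetical policy labels for this model
SLIDING = "sliding_window"


@dataclass
class RefreshToken:
    """Toy model of one refresh token (assumption, not FusionAuth internals)."""
    policy: str
    issued_at: datetime
    ttl: timedelta
    last_used_at: Optional[datetime] = None

    def expires_at(self) -> datetime:
        # Fixed: the clock starts at issuance and never moves.
        # Sliding window: the clock restarts at every successful use.
        if self.policy == SLIDING and self.last_used_at is not None:
            return self.last_used_at + self.ttl
        return self.issued_at + self.ttl

    def redeem(self, now: datetime) -> bool:
        """Return True if the token can be exchanged at `now`."""
        if now >= self.expires_at():
            return False  # expired: the user has to reauthenticate
        self.last_used_at = now
        return True


def replay(policy: str, ttl: timedelta, issued_at: datetime,
           offsets: list[timedelta]) -> list[bool]:
    """Redeem one token at each offset after issuance; report each outcome."""
    token = RefreshToken(policy, issued_at, ttl)
    return [token.redeem(issued_at + off) for off in offsets]


# Constructed timeline: first use after more than 24 hours of inactivity,
# then uses at day 10, day 20 and day 40 after issuance.
ISSUED = datetime(2020, 11, 1, 9, 0)
TTL = timedelta(days=14)
USES = [timedelta(hours=30), timedelta(days=10),
        timedelta(days=20), timedelta(days=40)]

if __name__ == "__main__":
    for policy in (FIXED, SLIDING):
        print(policy, replay(policy, TTL, ISSUED, USES))
```

In this model a sliding-window token that is redeemed at least once per window never expires on its own, so explicit revocation is the only way to end its life early.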
