FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Refresh tokens going stale

    Scheduled Pinned Locked Moved
    Q&A
    refresh token
    1
    2
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      Will the refresh token go “stale” and be invalid if there is a set amount of time without any activity on a refresh token? Example:

      Bob authenticates and obtains an authentication token as well as a refresh token. He does not use the refresh token for > 24 hours. When he attempts to use it to obtain a new authentication token, which will happen?

      1. He’ll get a new auth token via the refresh token since it’s expiry is 2 weeks
      2. He’ll have to reauthenticate because ??

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        This is configurable. Go to https://fusionauth.io/docs/v1/tech/core-concepts/tenants/#jwt (though the screencaps are a bit out of date) but you’ll go there in your instance.

        You’ll see refresh token settings.

        If you’re using a fixed expiration, then it never expires based on last usage, but just based upon time since it was issued.

        If you’re using a sliding window expiration, then it will expire based upon the time since it was last used.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post