generic oAuth 2.0: Refresh token rotation

Like (0) Share

Report

Posted on 17 May 2023 09:51:47 by IndraDeMesmaeke

Hello,

we have been working on a custom connector for some time and have had some issues with token refreshing. We have setup the connector to use generic oAuth 2.0, retrieving access tokens and a refresh token works for an initial period.

Access tokens are also refreshed regularly. However, we have token rotation and expiry enabled on our refresh tokens every 2 weeks. After this point access tokens are no longer refreshed for the connector, our identity provider includes a new refresh token when the current refresh token is exchanged for renewed access.

Does a custom connector (and the built-in authentication) support rotation of refresh tokens, or does it expect the refresh token to be valid indefinitely?

Many thanks

Categories:

Authentication

All responses (2)

Answers (0)

apdams 2 on 26 Jun 2024 at 12:22:45

Like (0)

Report

Re: generic oAuth 2.0: Refresh token rotation

I have the same question. Did you ever solve this. I have the same problem. My tokens refresh for as long as the refresh token is valid (588000 seconds ~ 6.8 days). After 7 days, I have to manually refresh the token in order to get a new refresh token.
JBadham95_TT 2 on 29 Jan 2024 at 17:12:54

Like (0)

Report

Re: generic oAuth 2.0: Refresh token rotation

Hi,

Did you ever find a solution to this?

Thanks.