Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth0 class missing action to renew access token #234

Closed
jspetrak opened this issue Mar 16, 2018 · 8 comments
Closed

Auth0 class missing action to renew access token #234

jspetrak opened this issue Mar 16, 2018 · 8 comments
Assignees
@joshcanhelp
Milestone
5.2.0

Comments

@jspetrak
Copy link
Contributor

Auth0 class has an Authentication object instantiated internally. It is supposed to call this API with current session data like access/id/refresh token and perform the operations.

However the action to renew access token with refresh token is missing.
@joshcanhelp
Copy link
Contributor

joshcanhelp commented Mar 20, 2018
edited
Loading

If you need to get a refresh_token or an id_token back from your code exchange with oauth/token, you need to request that using the scope parameter when you create a new Auth0 instance.

  • If you only need an access token, you can omit the scope parameter
  • If you also need an ID token, use at least openid (more here)
  • If you also need a refresh token, add offline_access (more here)

We're reviewing the README here currently and will include some extra information about this 👍

@jspetrak
Copy link
Contributor Author

@joshcanhelp This is not about receiving id or refresh token. This is about ability to use the refresh_token to refresh the access_token. There is not a method to do that with a ready-setup Auth0.php instance, and the Authentication object is private inside the class.

@joshcanhelp
Copy link
Contributor

Sorry @jspetrak, I didn't read that correctly.

The next section down in the Refresh Token guide I sent has instructions (for anyone that is looking for a how-to):

https://auth0.com/docs/tokens/refresh-token/current#use-a-refresh-token

I agree, though, the SDK should have a method to handle that. I'll reopen and assign to myself.

Thank you!

@joshcanhelp joshcanhelp reopened this Mar 20, 2018
@joshcanhelp joshcanhelp self-assigned this Mar 20, 2018
@jspetrak
Copy link
Contributor Author

Perfect, thank you!

@d0cm0d
Copy link

d0cm0d commented Apr 24, 2018

I have the same problem. I need to get a user list from the Management class and the token gets invalid every 24 hours.

@joshcanhelp
Copy link
Contributor

@d0cm0d - Actually, this is regarding a refresh token for a user session, not the Management API. The token you're generating can be given a longer expiration date when you create it (make sure to limit your scopes to only the ones you need and keep that very safe) or you can authorize your Application for that Management API and do a Client Credentials Grant. If you need more assistance there, please work with our awesome support team.

@jspetrak
Copy link
Contributor Author

jspetrak commented Jun 2, 2018

@joshcanhelp How about this implementation? #257

@jspetrak jspetrak closed this as completed Jun 6, 2018
@joshcanhelp joshcanhelp added this to the v5-Next milestone Jun 6, 2018
@github-actions
Copy link
Contributor

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@joshcanhelp joshcanhelp

Labels
None yet
Projects
None yet
Milestone
5.2.0
Development

No branches or pull requests
3 participants
@jspetrak @joshcanhelp @d0cm0d