Replies: 1 comment
-
Actually this is working, I think my mistake was I was testing the same user Id across two instances and clobbering the refresh token from the session. Maybe? What would happen in the case where I'm logged in via web and mobile. Same user id, two different sessions? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm trying to figure out the best practice of refreshing the access token after the access token has expired.
Example... user logs into my app, new access token of 1 hour and entire sessions saved. They close the app and then 5 hours later go back. The session will not resume since the access token has expired. However, I'd like to use the refresh token to restore their session without requiring them to log in.
I saw one option is to make the access token have a 1 week expiration, but my understanding of best practices is to keep the access token short lived and rely on the refresh token.
In my app, I currently do something like this on start-up
But I'm running into an issue where it tells me the refresh token has already been used. Which is confusing...
Any idea or best practices for this?
Thanks,
Rich
Beta Was this translation helpful? Give feedback.
All reactions