Hello everyone!
I am working on app where backend uses id_token to authorize users from different social providers (OIDC implicit code flow).
I can get retrieve id_token through oauth2/authorize redirect flow, but it’s valid only for 15 minutes.
Documentation said that id_token cannot be refreshed, so is there any way to get new id_token without users going through explicit oauth2/authorize redirect flow?
For example: API to make request to retrieve new id_token
Thank you!
No, OIDC cannot be refreshed and the JWT is only valid as a representation of the user for 15 minutes.
Personally I use OIDC to verify the ID and link them to an account in my system, so my system uses their account to run the session, and use OIDC as the initial login step, and then hand off to my session manager. But I only run my session manager on a 30 minute cycle. So if they load a new page within 30 minutes it keeps the session good.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.