I am working on an app where the backend uses id_token to authorize users from different social providers (OIDC implicit code flow).
I can get retrieve oauth2/authorize redirect flow, but it’s valid only for 15 minutes.
Documentation said that id_token cannot be refreshed, so is there any way to get a new id_token without users going through the explicit oauth2/authorize redirect flow?
For example: API to make request to retrieve new
No, OIDC cannot be refreshed and the JWT is only valid as a representation of the user for 15 minutes.
Personally I use OIDC to verify the ID and link them to an account in my system, so my system uses their account to run the session, and use OIDC as the initial login step, and then hand off to my session manager. But I only run my session manager on a 30 minute cycle. So if they load a new page within 30 minutes it keeps the session good.
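The hand-off described in the reply above, sketched as an added example that is not part of the original thread or any provider's code: the ID token is consumed once at login, and a local session with a 30-minute sliding idle window carries the user afterwards. `SessionManager`, the account naming and the in-memory stores are hypothetical, and the claims are assumed to come from an ID token whose signature, issuer, audience and nonce were already validated.

```python
import secrets
import time

SESSION_IDLE_SECONDS = 30 * 60  # sliding window, as in the reply above


class SessionManager:
    """In-memory session store (hypothetical; use a shared store in production)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._accounts = {}  # (iss, sub) -> local account id
        self._sessions = {}  # session id -> [account id, last-seen timestamp]

    def login(self, claims):
        """Exchange already-verified ID token claims for a local session id.

        Assumption: the caller validated signature, iss, aud and nonce.
        """
        now = self._clock()
        if claims["exp"] <= now:
            raise PermissionError("ID token expired; user must re-authenticate")
        # iss + sub is the stable identity of the user at one provider.
        key = (claims["iss"], claims["sub"])
        account = self._accounts.setdefault(key, f"acct-{len(self._accounts) + 1}")
        sid = secrets.token_urlsafe(32)  # opaque, unguessable session id
        self._sessions[sid] = [account, now]
        return sid

    def authorize(self, sid):
        """Return the account for a live session and slide its idle timer."""
        now = self._clock()
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry[1] > SESSION_IDLE_SECONDS:
            del self._sessions[sid]  # idle too long: a new OIDC login is required
            return None
        entry[1] = now  # activity inside the window keeps the session alive
        return entry[0]
```

After `login`, the backend authorizes requests by session id only, so the 15-minute ID token lifetime no longer limits how long an active user stays signed in.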