Reputation: 21
What if the user is still authenticated and the access token expires?
I am currently studying Oauth 2.0 and OIDC, and I have a confusion about access tokens. If the end-user is still interacting with the application and the access token the app obtained from the Authorization Server expires , what should the application do if it has no refresh token and needs to access some resources ? Should the end-user be reauthenticated ?
Thank you in advance for you help
Upvotes: 1
Views: 761
Answers (1)
Reputation: 19991
If the access token is expired and you have no refresh token, then you have to let the user sign-in and reauthenticate. Sometimes the OIDC server can remember the user and auto-signin the user again. But how this is done is very implementation specific. How this is done is outside the scope of the specification.
Upvotes: 1
Related Questions
- When to refresh the access token
- OAuth: Should an unexpired access token be revoked when it is refreshed?
- Angular login after token expiration
- How to make Owin automatically use refresh token when access token expires
- How to keep track of whether a user with an access token still has a valid session?
- Should we wait till the access token expire before we get refresh token?
- Dealing with expired access tokens in OAuth2 implicit grant
- Open id connect access token expiration
- How to handle expiration of OAuth access_token using Asana node client?
- What if the user can't log in with their OpenID?