Hi,
I’m developing an android app and I’m a bit confused about the purpose of the refresh token. Can a refresh token be used instead of the access token during long-living sessions in case of expiration?
I read that refresh tokens are used to get new access tokens but the SDK’s refreshToken method doesn’t take a refresh token as a parameter.
What is the use of the refresh token?
Thank you!
Hi,
Refresh tokens are indeed used to obtain a new access token. You want to create active session based on access tokens. If your access token is 1 hour long then make your session 1 hour long. If the current token expired, use the refresh token to obtain a new token. If the refresh expires then force a re-authentication.
The okta API /token endpoint takes a refresh token as parameter, I am sure the SDK implements it in some way.