FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    What is the best way to know a refresh token has expired?

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    1
    2
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      I can use this event to listen for when a refresh token is revoked, but is there a way to be informed when a refresh token expires?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @dan
        last edited by

        There is no webhook for this. You have a couple of options.

        When the login event happens, you can look up the refresh token associated with that login event. You'd match based on application and time.

        Then you can look up the application or tenant level refresh token lifetime and calculate out when the refresh token will expire.

        Depending on the refresh token usage settings, refresh token lifetime might extend based on usage, so you might need to recalculate the lifetime based on that.

        Then you'd know expiration time and refresh token id by querying this dataset.

        You can also poll FusionAuth directly, using the APIs. You'd still need to keep track of valid refresh tokens in a separate datastore, then use the APIs to pull the valid refresh tokens. You can pull refresh tokens by user, but not at a coarser level of granularity. When you do so, use startInstant combined with the application or tenant level refresh token configuration.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post