FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Does OAuth Token Refresh Count as a Login in FusionAuth Reports?

    Scheduled Pinned Locked Moved Solved
    Q&A
    oauth login
    1
    2
    179
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wesley
      last edited by

      In the FusionAuth UI, the Login report displays logins over a specified time period.

      Does using an OAuth refresh grant or refreshing an access token via the /api/jwt/refresh API count as a login in this report? While a refresh isn’t a traditional login, one could argue that obtaining a new access token qualifies as a login event.

      W 1 Reply Last reply Reply Quote 0
      • W
        wesley @wesley
        last edited by

        Yes, exchanging a refresh token for a new access token (JWT) does count as a login event in the Login report.

        Events That Count as a "Login":

        1. A login is completed using any Login API (e.g., normal login, one-time login, passwordless login, Identity Provider login, or Connector-based login).
        2. A user is created with a password (whether through self-service registration or the Registration API).
        3. A refresh token is exchanged for a new JWT.
        4. A user successfully completes a 2FA login.

        For more details, refer to:
        What Makes a User Active?

        1 Reply Last reply Reply Quote 0
        • W wesley has marked this topic as solved
        • First post
          Last post