By: kesavan dhilip user 04 Jan 2018 at 3:16 a.m. CST

3 Responses

Hi Team,

I worked on the authorization code flow in OIDC. I created a client with application type Native and followed the authorization code flow. If the ID token expires, then I follow the refresh token grant type flow. In this refresh token flow at the token endpoint, I want to refresh the ID token because I use that ID token in my resource server to validate. I tried the refresh token flow, and I got only the response below:

```json
{
  "access_token": "00dbd51b-c9bc-4b9b-a67c-8899d5895ccd",
  "token_type": "bearer",
  "expires_in": 299,
  "refresh_token": "59bc66d2-f799-43ae-85dc-3d80db7d2ea6",
  "scope": "openid email"
}
```

But it refreshes the access token only, not the ID token. Can anyone please help me get the ID token in the refresh token flow in GLUU?

By Thomas Gasmyr Mougang staff 06 Jan 2018 at 10:22 a.m. CST

Hi Kesavan,

Section [12.2](http://openid.net/specs/openid-connect-core-1_0.html) of OpenID Connect states this:

> "Upon successful validation of the Refresh Token, the response body is the Token Response of Section 3.1.3.3 except that it might not contain an id_token".

It seems that to get a new ID token you have to go through the authorization code flow again. There is a way to do that without prompting the user to authenticate again. For more details check this [link](https://stackoverflow.com/questions/25686484/what-is-intent-of-id-token-expiry-time-in-openid-connect).

By Thomas Gasmyr Mougang staff 08 Jan 2018 at 1:20 p.m. CST

Hi Kesavan, how is it going? Feel free to submit a feature request for your need and we will handle that in a future release. Thanks!

By Michael Schwartz Account Admin 08 Jan 2018 at 3:49 p.m. CST

You can't refresh the id_token unless you re-authenticate the person. To re-authn, redirect the subject to the authorization endpoint with param `prompt=login`
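
The behaviour discussed in this thread, as an added client-side example (not code from Gluu or from any poster): handle a refresh response that may lack `id_token`, and fall back to an authorization request with `prompt=login`. The endpoint URL, client ID, redirect URI and function names are hypothetical placeholders.

```python
import secrets
from urllib.parse import urlencode

# Constructed sample: the refresh response quoted in the question (no id_token).
REFRESH_RESPONSE = {
    "access_token": "00dbd51b-c9bc-4b9b-a67c-8899d5895ccd",
    "token_type": "bearer",
    "expires_in": 299,
    "refresh_token": "59bc66d2-f799-43ae-85dc-3d80db7d2ea6",
    "scope": "openid email",
}

def build_reauth_url(authorization_endpoint, client_id, redirect_uri, scope):
    """Build an authorization code request that forces re-authentication."""
    state = secrets.token_urlsafe(16)  # compared with the state on the redirect back
    nonce = secrets.token_urlsafe(16)  # compared with the nonce claim of the new ID token
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "prompt": "login",
    }
    return authorization_endpoint + "?" + urlencode(params), state, nonce

def handle_refresh_response(resp, authorization_endpoint, client_id, redirect_uri):
    """Decide the next step after a refresh_token grant."""
    result = {
        "access_token": resp["access_token"],
        # Keep whichever refresh token the server returned, if any.
        "refresh_token": resp.get("refresh_token"),
    }
    if "id_token" in resp:
        # Present: it still has to be validated before use.
        result.update(action="use_id_token", id_token=resp["id_token"])
        return result
    # Absent: go back through the authorization endpoint.
    url, state, nonce = build_reauth_url(
        authorization_endpoint, client_id, redirect_uri, resp.get("scope", "openid"))
    result.update(action="reauthenticate", url=url, state=state, nonce=nonce)
    return result
```
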