auth0 / auth0-flutter

Auth0 SDK for Flutter
https://pub.dev/documentation/auth0_flutter/latest/
Apache License 2.0

Issue with refreshing the token using credentials manager #234

Closed Miloye1 closed 1 year ago

Miloye1 commented 1 year ago

Description

Hello, I’m having trouble with the credentials manager. In the documentation it clearly states that the credentials() method “Retrieves the credentials from the storage and refreshes them if they have already expired.” (docs), but I can’t seem to get it working.

Reproduction

I’m receiving the refresh_token after authenticating and I have set token duration to 30s. Also, I have set up the token rotation. But when I invoke the credentials() I get the same tokens back.

So, am I misunderstanding the credentials() method? Is it supposed to renew the tokens using the refresh_token or not?

My code:

```dart
import 'package:flutter/material.dart';
import 'package:auth0_flutter/auth0_flutter.dart';
import 'package:flutter_dotenv/flutter_dotenv.dart';

class AuthProvider extends ChangeNotifier {
  bool _isLoggedIn = false;

  final Auth0 auth0 = Auth0(dotenv.env["DOMAIN"]!, dotenv.env["CLIENT_ID"]!);

  bool get isLoggedIn {
    return _isLoggedIn;
  }

  Future<void> login() async {
    await auth0.webAuthentication(scheme: dotenv.env["AUTH0_SCHEME"]!).login();
    _isLoggedIn = true;
    notifyListeners();
  }

  Future<void> logout() async {
    await auth0.webAuthentication(scheme: dotenv.env["AUTH0_SCHEME"]!).logout();
    _isLoggedIn = false;
    notifyListeners();
  }

  Future<bool> isUserLoggedIn() async {
    final loggedIn = await auth0.credentialsManager.hasValidCredentials();
    if (loggedIn) {
      final credentials = await auth0.credentialsManager.credentials();
      print(credentials.expiresAt);
      print(credentials.idToken);
      print(credentials.accessToken);
      print(credentials.refreshToken);
    }
    if (loggedIn) {
      _isLoggedIn = true;

      return true;
    }

    return false;
  }

  Future<Credentials> getUserCredentials() async {
    return await auth0.credentialsManager.credentials();
  }
}
```

auth0_flutter version

^1.1.0

Flutter version

3.7.9

Platform

Android

Platform version(s)

13

Widcket commented 1 year ago

Hi @Miloye1, thanks for raising this.

Are you setting up the access token expiration (in your Auth0 API settings page) or the ID token expiration (in your Auth0 Application settings page)? The Credentials Manager only checks for the expiration of the access token.

Also please make sure to set the expiration before logging in, because the access token expiration comes with the credentials. It doesn't get updated after that.

Miloye1 commented 1 year ago

Hi @Widcket thanks for the response.

I wasn't setting the expiration time in the API settings, only on the application settings, and now the token is refreshed successfully.

But I still don't fully get how the APIs work so I guess I'll have to dig into the docs some more. We have a custom API for our backend, and when I set the expiration time there, and use its identifier as audience, I don't get the refresh token in the response. But when I use the system Auth0 Management API instead it works. Is there an additional setting that should be configured?

Thanks in advance

Widcket commented 1 year ago

Make sure it's enabled in the API settings:

[Screenshot 2023-04-06 at 2 22 14 PM]

nhannguyenandpad commented 3 months ago

Hi @Miloye1, does this actually fix your issue? Since I also cannot refresh the token even after enabling Allow Offline Access.
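
One way to check both points raised in this thread (a refresh token is issued for the custom API audience, and `credentials()` renews once the access token has expired), as an added example that is not part of the original issue or the SDK's own code. The domain, client ID, scheme and audience are placeholders, and the function names `loginForApi` and `refreshesAfterExpiry` are hypothetical.

```dart
import 'package:auth0_flutter/auth0_flutter.dart';

// Placeholder values (assumptions): substitute your own tenant settings.
const domain = 'YOUR_TENANT.auth0.com';
const clientId = 'YOUR_CLIENT_ID';
const scheme = 'YOUR_SCHEME';
const apiAudience = 'https://api.example.com'; // identifier of the custom API

final auth0 = Auth0(domain, clientId);

/// Logs in against the custom API and reports whether a refresh token was
/// issued. Without one, the Credentials Manager has nothing to renew with.
Future<bool> loginForApi() async {
  final credentials = await auth0.webAuthentication(scheme: scheme).login(
    audience: apiAudience,
    // offline_access requests a refresh token; the API must also have
    // "Allow Offline Access" enabled in its settings.
    scopes: {'openid', 'profile', 'email', 'offline_access'},
  );
  return credentials.refreshToken != null;
}

/// Waits for the stored access token to expire, then calls credentials()
/// again and reports whether a new access token was returned.
Future<bool> refreshesAfterExpiry() async {
  final manager = auth0.credentialsManager;
  try {
    final before = await manager.credentials();
    // expiresAt is the access token expiry (set in the API settings and
    // fixed at login), not the ID token expiry.
    final wait = before.expiresAt.difference(DateTime.now());
    if (!wait.isNegative) {
      await Future.delayed(wait + const Duration(seconds: 1));
    }
    final after = await manager.credentials();
    // Compare the values instead of printing them, so tokens stay out of logs.
    print('expiry before: ${before.expiresAt}, after: ${after.expiresAt}');
    return after.accessToken != before.accessToken &&
        after.expiresAt.isAfter(before.expiresAt);
  } on CredentialsManagerException catch (e) {
    // Raised when nothing is stored or the renewal request fails.
    print('Could not retrieve or renew credentials: ${e.message}');
    return false;
  }
}
```

With a short access token lifetime such as the 30s used in the report, `loginForApi()` followed by `refreshesAfterExpiry()` should both return `true` when the settings are correct.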