Closed Routhinator closed 10 months ago
I'm not sure what I had going on in local, but on an actual deployment I'm not seeing the refresh token updated, and I also see the code would return the expiration if it was being set - closing this as something being off with my testing.
With the following settings:
The
refresh_expiration
time is not returned when the/token/refresh/
endpoint is hit even though the refresh token expiration is updated in theHTTPONLY
cookie. It is returned from the login endpoint however.Without the return from the refresh endpoint, a javascript client can only see the
access_expiration
. For now I am calculating therefresh_expiration
by adding 23 hours and 59 minutes to theaccess_expiration
as a workaround, but it would be ideal to have this returned to avoid having to calculate it.