Renewing the Access Token

To reduce security risks, access tokens have a finite lifespan. Renewing the access token enables the application to access and protect the resources without creating an additional load on the authentication API.

The access token must be refreshed or updated to maintain access.

One simple approach is to check the exp field. If the expiration time is near, use the Refresh Token to obtain a new access/refresh token pair.

  1. Make sure to keep both new refresh and new access tokens secure.
  2. When encountering a 401 error during token refresh, reauthenticate with credentials to obtain a new access / refresh token pair.
  3. Refresh tokens are "one-time-use" and are invalidated (almost) immediately after use. This is the refresh token reuse detection security measure that guards against intercepting access/refresh tokens and helps to detect compromised channels. If the system detects a compromised refresh token, the application receives a 401 error and the "reuse detected" event is recorded in the system audit trail. If system-consuming authID APIs have a multithreaded implementation, It is crucial to make sure users keep a close eye on and steer clear of using refresh tokens multiple times.