Welcome to the Kinde community

Updated 7 months ago

From @jasdeep about tokens

Copied from #💬┃general channel - a question from @jasdeep

Hi all, newbie here and building a flutter app using Kinde Auth. I am trying to understand how this works. As per docks Kinde SDK take care of fetching new token automatically under the hood if refresh token is valid and access_token has expired. I am assuming it is happening while user is very much active on the app. I am wondering how does SDK get access to refreshToekn in scenario when user navigates away from the app and puts the app in background and when app comes back into focus, the access_token has expired but refresh token should still be valid. I understand that I can save access_token and refreshToken in secure storage but I don't see any method available on SDK which makes use of refresh token to fetch new access_token. Am I missing something here?
O
1 comment
Hey @jasdeep,
It's great to see you're using the Kinde Auth with your Flutter app. You're correct in your understanding that the Kinde SDK automatically handles the token refresh process when the access token has expired but the refresh token is still valid. This process is indeed designed to be seamless and requires minimal intervention from the developer.

Regarding your question about the scenario when the app is put into the background and then brought back into focus: the Kinde SDK manages the refresh token internally. When you use the getToken() method, the SDK checks the validity of the current access token and, if it has expired, it uses the stored refresh token to obtain a new access token automatically. This happens under the hood, so you don't need to manually intervene or explicitly call a method to refresh the token using the refresh token.

The refresh token itself is securely stored and managed by the SDK, which abstracts these details away from the developer to simplify the authentication process and enhance security. You don't need to manually save the access token or refresh token in secure storage unless you have specific requirements that necessitate it. The SDK's internal mechanisms are designed to handle these aspects securely.

If you're implementing additional security measures or need to handle tokens manually for any reason, ensure that any storage mechanism you use, such as flutter_secure_storage, is appropriately secure.
Add a reply
Sign up and join the conversation on Discord