Hey @dersand,
Yes, you're on the right track! You can use the refresh token to obtain a new access token. This is done by making a request to the https://<your_subdomain>.kinde.com/oauth2/token endpoint with grantType=refresh_token.
Remember, Kinde always rotates refresh tokens. When you use an existing refresh token to request a new access token, a new refresh token is also generated and provided with your new access token. The old refresh token becomes immediately invalid.
Also, Kinde allows a small overlap period when both a previous and a new refresh token are valid. This is to account for retries and bad network connections. You can set the lifetime of a refresh token in Kinde. It needs to be longer than the life of an access token.
If you're not using an SDK, you should store the refresh token you get with your initial /token request. Otherwise, your user will need to go through the sign in process again, to get a new access token.
If you're using a front-end SDK like JavaScript or React, the getToken function stores an in-memory cache of the access token, which it returns by default. If the token is about to expire, it will use a refresh token to get a new access token from Kinde silently in the background, so additional network requests to Kinde are only made when absolutely necessary.
You can read more details on refresh tokens here: https://kinde.com/docs/developer-tools/refresh-tokens/
Hope this helps! Let me know if you have any other questions.
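
The rotation behaviour described in the reply above, as an added example that is not part of the original post and is not Kinde SDK code: a non-SDK client that caches the access token, stores each rotated refresh token, and shares one refresh request between concurrent callers so the same refresh token is never spent twice. It assumes the standard OAuth 2.0 form fields (`grant_type`, `refresh_token`, `client_id`) and a JSON response with `access_token`, `refresh_token` and `expires_in`; the class name, the 30-second expiry margin and the fake endpoint are constructed for illustration.

```javascript
// Added example, not Kinde SDK code. Field names follow standard OAuth 2.0 (assumed).
class RotatingTokenStore {
  constructor({ tokenUrl, clientId, refreshToken, fetchFn }) {
    Object.assign(this, { tokenUrl, clientId, refreshToken, fetchFn });
    this.accessToken = null;
    this.expiresAt = 0;
    this.inFlight = null;
  }
  // Return the cached access token; refresh only when it is about to expire.
  async getToken(now = Date.now()) {
    if (this.accessToken && now < this.expiresAt - 30_000) return this.accessToken;
    // Rotation invalidates the old refresh token, so concurrent callers share
    // one refresh request instead of each spending the same token.
    if (!this.inFlight) {
      this.inFlight = this.refresh(now).finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }
  async refresh(now) {
    const body = new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: this.refreshToken,
      client_id: this.clientId,
    });
    const res = await this.fetchFn(this.tokenUrl, { method: "POST", body });
    if (!res.ok) {
      this.accessToken = null;
      throw new Error("refresh rejected: user must sign in again");
    }
    const data = await res.json();
    // Store the rotated refresh token: the one just used is no longer valid.
    this.refreshToken = data.refresh_token;
    this.accessToken = data.access_token;
    this.expiresAt = now + data.expires_in * 1000;
    return this.accessToken;
  }
}

// Constructed stand-in for the token endpoint: rotates on every use, no overlap.
function makeFakeTokenEndpoint(initialRefreshToken) {
  let valid = initialRefreshToken, n = 0, calls = 0;
  const fetchFn = async (_url, { body }) => {
    calls += 1;
    if (body.get("refresh_token") !== valid) return { ok: false, status: 400 };
    n += 1; valid = `rt-${n}`;
    const tokens = { access_token: `at-${n}`, refresh_token: valid, expires_in: 3600 };
    return { ok: true, status: 200, json: async () => tokens };
  };
  return { fetchFn, calls: () => calls };
}
```

Against a real endpoint, pass the platform `fetch` as `fetchFn` and keep the refresh token in storage that page scripts cannot read.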