I’m not sure about the <refreshing documentation>....
# talk-kratosm
melodic-autumn-17939
06/29/2023, 11:50 AMI’m not sure about the refreshing documentation. Can I in my client refresh the session without user intervention? E.g. what does
refresh=true/self-service/login/browser/self-service/login/apip
proud-plumber-24205
06/29/2023, 12:37 PMHi @melodic-autumn-17939
Session "refresh" means that the user needs to provide a credential again, e.g. they have an active session, but it now requires proof again by asking the user to enter their password.
Yes, you can force a session refresh by having the user navigate to
/self-service/login/browserrefresh=truem
melodic-autumn-17939
06/30/2023, 12:51 AMWhat about this part of the question:
E.g. what doesWhat is the difference when my session is already active? What I’m asking for if is it possible to extend the session without user needs to do anything as long as they have a valid session token. Similar to how OAuth refresh token can be used to get a new access token.do versus omitting it forrefresh=trueand/self-service/login/browser/self-service/login/api
melodic-autumn-17939
06/30/2023, 6:34 AMOr in other words: how can I extend my users session without asking them to log in again and without using the admin api
melodic-autumn-17939
06/30/2023, 6:48 AMI think I found the answer to be “admin api” only, right?
p
proud-plumber-24205
06/30/2023, 7:02 AMOry uses tokens (native apps) and cookies (browser apps) to issue sessions. This is also not an OAuth token so you do not have the option of to do a refresh of the token.
The
refresh=true/self-service/login/browser/self-service/login/apiproud-plumber-24205
06/30/2023, 7:04 AMCorrect, the admin api is the only way to extend the session