# talk-kratos
t
Is there a feature in kratos where I can refresh a user's sessionToken? Not extending it. Basically I pass in the refresh token to basically regenerate a new session token and a new refresh token? I'm using kratos for a mobile app and we would like to have the session token be renewed when it gets expired without logging users out or asking the user to log in again.
I guess this is pretty much what I'm also trying to do. Mimic something like oauth token that has access and refresh tokens that can be used to refresh the other. Is there a reason why this was not implemented?
d
The way we are working around this is we have an endpoint on our own API which in turn calls the kratos admin API’s extend session: https://www.ory.sh/docs/reference/api#tag/identity/operation/extendSession
our use case is essentially “mobile app stays logged in for up to 4 weeks of no activity”. So we have the kratos session duration set to 4 weeks, and each app startup we decide whether we need to extend the session
it’s not the same, because the current token lifespan is just extended, where ideally you would be able to get a new token from Kratos
t
Yeah, currently doing the same. But the idea of refreshing the token is that if ever the sessionToken gets compromised, then someone else can pretend to be the original user and do actions with the same sessionToken. I believe the current implementation for ory is to ask the user to log in again when the session is about to expire, which technically is fine but annoying for users to keep on logging in again every time.