<@U04UQ68083H> After the session token gets expire...
# ory-copilot
l
@chilly-king-10285 After the session token expires, can we regenerate the token without logging in again?
c
A message from kapa.ai
Yes, you can regenerate the session token without logging in again by using the refresh token. When a client refreshes an access token, the old access token becomes invalid, and only the new token is valid. The client can continue accessing the protected resource with the new access token. Here's an example of how to refresh an access token with Ory:
```javascript
// Set up the endpoint and refresh token
const endpoint = "https://oauth2.example.com/token"
const refreshToken = "<refresh token>"
const clientId = "<client id>"
const clientSecret = "<client secret>"

const params = new URLSearchParams({
  grant_type: "refresh_token",
  refresh_token: refreshToken,
  scope: "scope1 scope2",
  client_id: clientId,
  client_secret: clientSecret,
})

// Send a POST request to refresh the access token
fetch(endpoint, {
  method: "POST",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded",
  },
  body: params.toString(),
})
  .then((response) => {
    if (!response.ok) {
      throw new Error("Failed to refresh access token")
    }
    return response.json()
  })
  .then((data) => {
    console.log("New access token:", data.access_token)
    console.log("New ID token:", data.id_token)
    console.log("New refresh token:", data.refresh_token)
  })
  .catch((error) => {
    console.error(error)
  })
```
Please note that Ory uses opaque tokens for refresh tokens because they must be immediately revocable if needed. For more details, you can refer to the [Ory documentation on refreshing an access token](https://www.ory.sh/docs/oauth2-oidc/refresh-token-grant#refreshing-an-access-token).
l
@chilly-king-10285 I am using Kratos, not Hydra.
c
A message from kapa.ai
I'm sorry for the confusion. In the context of Ory Kratos, session tokens are managed differently. When a session expires in Ory Kratos, the user is required to authenticate again. There isn't a built-in mechanism to regenerate the session token without logging in again once it's expired. Ory Kratos handles sessions by creating a session cookie in the user's browser upon successful authentication. This session cookie is then used for subsequent requests to identify the user. Once this session expires, the user will need to authenticate again to create a new session. For more details, you can refer to the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/).
l
@chilly-king-10285 But can I do the same functionality using the refresh threshold?
@chilly-king-10285
c
Sorry @limited-city-59768, I'm not sure what you mean. Please try again. 👋
A message from kapa.ai
Yes, you can use the `earliest_possible_extend` configuration in Ory Kratos to manage the refresh behavior of sessions. This configuration allows you to limit the time in which the session can be refreshed. For example, if you set `earliest_possible_extend` to `24h`, sessions can't be refreshed sooner than 24 hours before they expire. If you need high flexibility when extending sessions, you can set `earliest_possible_extend` to `lifespan`, which allows sessions to be refreshed during their entire lifespan, even right after they are created. Here's how you can update this configuration:
```yaml
session:
  cookie:
    domain: {project.slug}.projects.oryapis.com
    name: ory_session_{name}
    path: /
    persistent: false
    same_site: Lax
  lifespan: 720h0m0s
  earliest_possible_extend: 24h0m0s
```
And then update the Ory Identities configuration using the file you worked with:
```bash
ory update identity-config {project-id} --file identity-config.yaml
```
Please note that if you set `earliest_possible_extend` to `lifespan`, all sessions will constantly be refreshed! For more details, you can refer to the [Ory Kratos documentation on session management](https://www.ory.sh/docs/kratos/session-management/refresh-extend-sessions#refresh-threshold).