How to enable and receive Refresh Tokens
This article outlines the steps to enable refresh tokens in the Zitadel console and to receive them in your application.
What is a Refresh Token?
Refresh tokens are defined in RFC 6749 as credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires, or to obtain additional access tokens with identical or narrower scope.
How to get a Refresh Token?
- Enable Refresh Tokens in your application settings. Open your Zitadel console and navigate to your application settings, inside your project, and enable the refresh token checkbox.
- Configure your code to include the 'offline_access' scope in your authorize request. This tells Zitadel that your app expects to receive a refresh token.
Zitadel issues rotating refresh tokens. This means that when you use the refresh token to get a new access token (refresh token grant), you also get a new refresh token, and the old one must be replaced in your storage.
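The two steps above and the rotation behaviour, as an added example that is not part of this article: a minimal Python client builds the authorize request with the 'offline_access' scope and then runs the refresh token grant, replacing the stored refresh token with the newly issued one. The issuer domain and client ID are placeholders, the '/oauth/v2/authorize' and '/oauth/v2/token' paths are assumed (take them from your instance's OIDC discovery document in practice), and the token endpoint is injectable so the example runs offline against a constructed stand-in.

```python
"""Added example: request a Zitadel refresh token and handle rotation."""
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://YOUR-INSTANCE.zitadel.cloud"  # placeholder Zitadel domain
CLIENT_ID = "YOUR_CLIENT_ID"                    # placeholder client ID

def build_authorize_url(issuer, client_id, redirect_uri, state, code_challenge):
    """Authorization code + PKCE request; 'offline_access' asks for a refresh token."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid profile offline_access",   # offline_access is the key part
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{issuer}/oauth/v2/authorize?" + urlencode(params)  # path assumed

def has_offline_access(url):
    """Check that an authorize URL really carries the offline_access scope."""
    scope = parse_qs(urlparse(url).query).get("scope", [""])[0]
    return "offline_access" in scope.split()

class TokenStore:
    """Holds the current tokens; with rotation the refresh token changes on every grant."""
    def __init__(self, refresh_token):
        self.refresh_token = refresh_token
        self.access_token = None

def _http_post(url, form):
    data = urlencode(form).encode()
    req = urllib.request.Request(url, data=data,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def refresh_access_token(store, issuer, client_id, post=_http_post):
    """Refresh token grant (public/PKCE client, so no client secret is sent)."""
    form = {"grant_type": "refresh_token", "refresh_token": store.refresh_token,
            "client_id": client_id, "scope": "openid profile offline_access"}
    resp = post(f"{issuer}/oauth/v2/token", form)  # path assumed
    if "refresh_token" not in resp:   # no rotated token: scope was likely missing
        raise RuntimeError("no refresh token returned; check offline_access scope")
    store.access_token = resp["access_token"]
    store.refresh_token = resp["refresh_token"]  # old refresh token is now invalid
    return store

def fake_zitadel_post(url, form):
    """Constructed stand-in for the token endpoint that simulates rotation."""
    assert url.endswith("/oauth/v2/token") and form["grant_type"] == "refresh_token"
    return {"access_token": "at-" + form["refresh_token"], "token_type": "Bearer",
            "refresh_token": "rt-next-" + form["refresh_token"], "expires_in": 43200}
```

Persist the new refresh token immediately after each grant; a client that keeps reusing the old one will fail on the next refresh because rotation invalidates it.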