Question around authenticated web messaging,
When the access token is renewed does it also refresh the session cookie with the authentication provider? Does it reset the idle time? How does that refresh actually play out?
Hi,
The answer to all your questions is likely no, but this probably depends on the authentication provider.
No user session is initiated as part of the OpenID protocol.
Session management is most of the time specific to authentication providers.
We don't handle cookies either as our service is server side.
Refresh allows to retrieve a new Access Token and potentially a new refresh token if rotation is enabled.
There is no further action.
Regards,
V.P.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.