Skip to content

feat: refresh token rotation #14427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

feat: refresh token rotation #14427

wants to merge 5 commits into from
+178 −104

Conversation

soberm
Copy link
Contributor

@soberm soberm commented Jun 13, 2025
edited
Loading

Description of changes

This PR enables refresh token rotation by updating the TokenRefresher to use the new GetTokensFromRefreshToken API instead of InitiateAuth with the REFRESH_TOKEN_AUTH flow. The GetTokensFromRefreshToken API will also work with refresh token rotation not being enabled and issues new ID and access tokens from a valid refresh token. If refresh token rotation is enabled it will also get a new refresh token. However, when enabling refresh token rotation it is not possible to authenticate with REFRESH_TOKEN_AUTH anymore.

Issue #, if available

14396

Description of how you validated changes

Updated existing unit and E2E tests. Manually tested fetchAuthSession to check the tokens are refreshed.

Checklist

  • PR description included
  • yarn test passes
  • Unit Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

  • Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
  • New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pranavosu pranavosu Awaiting requested review from pranavosu pranavosu will be requested when the pull request is marked ready for review pranavosu is a code owner

@sobolk sobolk Awaiting requested review from sobolk sobolk will be requested when the pull request is marked ready for review sobolk is a code owner

@Amplifiyer Amplifiyer Awaiting requested review from Amplifiyer Amplifiyer will be requested when the pull request is marked ready for review Amplifiyer is a code owner

@avi-karthik avi-karthik Awaiting requested review from avi-karthik avi-karthik will be requested when the pull request is marked ready for review avi-karthik is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@soberm