Auth0: How to get a refresh token and how to exchange that token for a new one in Laravel 7

  auth0, jwt, laravel, laravel-7, php

So what I did is I created a "Regular Web Application" on my Auth0 account, along with an API of "Custom API" type to go with my Application.

I used Auth0’s guide to get their login/register/logout function going on my website.
It stores in session the following data:

    _token
    auth0_user
    auth0_refresh_token

How can I get a refresh token for my API calls and my Application?
What I tried doing was to follow the guide Auth0 provides but that only got me confused. "Rotation" is enabled on my Settings panel.
It says to use my "Regular Web Application" data to make a cURL call to their services, but when I do I get "Access_Denied, Unauthenticated" as a response when I use a route I made which accepts the "auth0_refresh_token" as a URL parameter and makes a call to their servers like the one their guide suggests.

My route is the following:

    Route::get('/generateRefreshToken/{token}', [Auth0UserController::class, 'exchangeRefreshTokenForNewToken']);

To exchange my refresh token I used the following HTTP request:

    $response = Http::withHeaders([
        'content-type' => 'application/x-www-form-urlencoded',
    ])->post(env('AUTH0_APP_URL'), [
        "grant_type" => 'refresh_token',
        "client_id" => env('AUTH0_CLIENT_ID'),
        "client_secret" => env('AUTH0_CLIENT_SECRET'),
        "refresh_token" => $token
    ]);

I understand that JWT is used as a middleware to protect all my API and WEB routes but how do I exchange my token for a new one using refresh tokens?

Thank you!

Source: Laravel
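
One way to perform the exchange the question asks about, as an added example that is not part of the original post or of Auth0's guide: a Laravel 7 controller method that reads the refresh token from the session instead of the URL, sends a form-encoded request to the tenant's `/oauth/token` endpoint, and stores the rotated refresh token. The `AUTH0_DOMAIN` variable, the `auth0_access_token` session key and the POST route are assumptions.

```php
<?php
// Added example, not the asker's code. AUTH0_DOMAIN (the tenant host name) and
// the 'auth0_access_token' session key are assumed names.
// Hypothetical route, POST so the web middleware applies its CSRF check:
// Route::post('/token/refresh', [Auth0UserController::class, 'exchangeRefreshTokenForNewToken']);
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;

class Auth0UserController extends Controller
{
    public function exchangeRefreshTokenForNewToken(Request $request)
    {
        // Take the refresh token from the server-side session. A token in the
        // URL path ends up in access logs, browser history and Referer headers.
        $refreshToken = $request->session()->get('auth0_refresh_token');
        if (empty($refreshToken)) {
            abort(401, 'No refresh token in session, log in again.');
        }

        // asForm() sends an application/x-www-form-urlencoded body; a plain
        // post() JSON-encodes the array whatever Content-Type header is set.
        $response = Http::asForm()->post('https://' . env('AUTH0_DOMAIN') . '/oauth/token', [
            'grant_type'    => 'refresh_token',
            'client_id'     => env('AUTH0_CLIENT_ID'),
            'client_secret' => env('AUTH0_CLIENT_SECRET'),
            'refresh_token' => $refreshToken,
        ]);

        if (! $response->successful()) {
            // Log the status only, never the tokens or the client secret.
            Log::warning('Auth0 token refresh failed', ['status' => $response->status()]);
            abort(401, 'Token refresh failed, log in again.');
        }

        $tokens = $response->json();
        // With rotation enabled the response carries a new refresh token and
        // the previous one must not be reused, so replace it in the session.
        if (! empty($tokens['refresh_token'])) {
            $request->session()->put('auth0_refresh_token', $tokens['refresh_token']);
        }
        $request->session()->put('auth0_access_token', $tokens['access_token']);

        return response()->json(['expires_in' => $tokens['expires_in'] ?? null]);
    }
}
```

Both tokens stay on the server; the browser only learns how long the new access token is valid.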
