Disable Refresh Token Rotation

Disable Refresh Token Rotation

You can disable refresh token rotation for each application using Dashboard or the Management API.

Disable with the Dashboard

  1. Go to Dashboard > Application Settings and scroll to the Application Tokens section.

  2. Next to Refresh Token Behavior select Non-Rotating.

    Disable Refresh Token Rotation Screen

  3. Click Save Changes.

Disable with the Management API

  1. Disable refresh token rotation for each application using the Management API:

    to configure this snippet with your account

    const auth0 = await createAuth0Client({
          domain: '{yourDomain}',
          client_id: '{yourClientId}',
          audience: '{yourApiIdentifier}',
          useRefreshTokens: false
        });

    Was this helpful?

    /

  2. Configure the non-rotating refresh token settings as follows:

    PATCH /api/v2/clients/{client_id}
        {
          "refresh_token": {
        "rotation_type": "non-rotating",
        "expiration_type": "non-expiring"
          }
        }

    Was this helpful?

    /

Learn more