Refresh auth tokens

jonbonazza · January 2, 2020, 9:37am

Is there a way to refresh an existing auth token (a la OAuth 2 refresh grant type) instead of having to completely re-authenticate? If not, I’d like to request this as a feature request. It’s not a great idea to store client credentials in memory (or worse, on disk) in order to re-authenticate.

I know that the general suggestion is to create tokens that are expected to last longer than a single session, but for us, we have no way of knowing how long a single session might last.

Almost all of the existing authentication types available to Nakama are OAuth2 OpenID, so these should easily support refresh. The only one that wouldn’t is, of course, Email authentication, but this could have a custom refresh method added I would think.

zyro · January 6, 2020, 10:36am

We don’t currently support refreshing tokens directly at the moment, but we’ll consider it.

You can wire this up yourself with an RPC function. Expose a runtime RPC function the client can use to exchange an existing token (or a secondary token at your discretion) for a new one. The authentication reference section has a function that lets you generate auth tokens in the runtime as they would be issued by the server.

Topic		Replies	Views
Question on refreshing auth tokens Game Design server-framework	7	1077	May 18, 2020
Is there support for refresh tokens in Nakama-js? Game Design authentication , sdk-javascript	5	1273	June 8, 2021
Questions about Token and refreshToken invalidating after Nakama restart Runtime Framework server-framework , authentication	11	1128	September 1, 2022
Nakama is not returning a new refresh token Runtime Framework server-framework , golang , lua	1	207	October 12, 2023
How can I refresh the cache after a user changes their username? Game Design authentication , sdk-unity , users	1	718	July 7, 2021

Refresh auth tokens

Related Topics