Token refresh

UI Bakery offers token refresh functionality for OpenID providers

When the OAuth token expires, UI Bakery will attempt to refresh it under the following conditions:

  • The variable UI_BAKERY_SSO_BROADCAST_TOKEN must be set to true

  • The refresh_token claim must be present

  • The expires_in claim must also be present

You can control UI Bakery's token refresh logic using the following environment variables:

  • UI_BAKERY_OAUTH_FORCE_TOKEN_REFRESH. If set to true, the SSO token will be refreshed with every UI Bakery token refresh. You can adjust the variable UI_BAKERY_JWT_ACCESS_TOKEN_EXPIRATION to control UI Bakery token lifetime.

  • UI_BAKERY_OAUTH_SIGN_OUT_WHEN_TOKEN_EXPIRED. When set to true, if the user token cannot be refreshed, the user will be logged out from UI Bakery.

  • UI_BAKERY_OAUTH_SYNC_ROLES_ON_TOKEN_REFRESH. If set to true, roles will be synchronized every SSO token refresh.

You can use the SSO token in datasource requests.

Last updated