When the OAuth token expires, UI Bakery will attempt to refresh it under the following conditions:

• The variable UI_BAKERY_SSO_BROADCAST_TOKEN must be set to true

• The refresh_token claim must be present

• The expires_in claim must also be present

You can control UI Bakery's token refresh logic using the following environment variables:

• UI_BAKERY_OAUTH_FORCE_TOKEN_REFRESH. If set to true, the SSO token will be refreshed with every UI Bakery token refresh. You can adjust the variable UI_BAKERY_JWT_ACCESS_TOKEN_EXPIRATION to control UI Bakery token lifetime.

• UI_BAKERY_OAUTH_SIGN_OUT_WHEN_TOKEN_EXPIRED. When set to true, if the user token cannot be refreshed, the user will be logged out from UI Bakery.

• UI_BAKERY_OAUTH_SYNC_ROLES_ON_TOKEN_REFRESH. If set to true, roles will be synchronized every SSO token refresh.

You can use the SSO token in datasource requests.