Skip to content

Commit

Permalink
Update FAQ.md
Browse files Browse the repository at this point in the history 
Co-authored-by: Adam Mcgrath <[email protected]>
  • Loading branch information
@frederikprijck @adamjmcgrath
frederikprijck and adamjmcgrath committed Sep 15, 2023
1 parent c6a8e70 commit 4031b99
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion FAQ.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,4 +107,4 @@ Authentication is about who you are (id token), not what you can do (access toke
So even when the refresh token fails, or `getTokenSilently` returns nothing, that doesn't impact the existence of the id token, and as a consequence of that, the authentication state. So it's expected for isAuthenticated to stay true in that case.

On top of that, the SDK can have multiple access tokens and multiple refresh tokens (e.g. when using multiple audience and scope combinations to call multiple API's), but only one id token.
If there are multiple access and refresh tokens, and one of the refresh tokens fails, it doesnt mean the other access tokens or refresh tokens are invalid and they might still be perfectly usable.
If there are multiple access and refresh tokens, and one of the refresh tokens fails, it doesn't mean the other access tokens or refresh tokens are invalid, they might still be perfectly usable.

0 comments on commit 4031b99

Please sign in to comment.