ORT Demo

Online Refresh Tokens Demo

The app logs a user in, requests online_access, gets a short-lived API access token plus an Auth0-bound ORT, and silently refreshes the access token while the Auth0 session is still alive.

Login with Auth0 Force Reauthentication Logout

Signed In User

Not signed in

Login to start the flow.

Access Token

-

Short-lived token for the Expenses API.

Online Refresh Token

-

Bound to the Auth0 session, not rotated.

Refresh Activity

0

No refreshes yet.

Try The Flow

Portal actions

The current access token stays valid until it expires. After you revoke the ORT, the next refresh attempt should fail, which forces the user back to Auth0. 

No API call yet.

Trace

Server-side event log