Disable Refresh Token Rotation

Application Credentials
Attack Protection
Continuous Session Protection
Highly Regulated Identity
Auth0’s Mobile Driver's License Verification Service
Multi-Factor Authentication
Security Center
Security Guidance
Sender Constraining
Tokens
- Overview
- JSON Web Tokens
- ID Tokens
- Access Tokens
- Delegation Tokens
- Refresh Tokens
- Revoke Tokens
- Manage Refresh Tokens with Auth0 Management API
- Token Best Practices
- Token Vault

On this page

Disable with the Dashboard
Disable with the Management API
Learn more

You can disable rotation for each application using Dashboard or the .

Disable with the Dashboard

From the Auth0 Dashboard, navigate to Applications > Applications and select the application you wish to configure.
On the Settings tab, locate the Refresh Token Rotation section and disable the Allow Refresh Token Rotation toggle.
Select Save Changes at the bottom of the screen.

Disable with the Management API

Disable refresh token rotation for each application using the Management API:

const auth0 = await createAuth0Client({
      domain: '{yourDomain}',
      client_id: '{yourClientId}',
      audience: '{yourApiIdentifier}',
      useRefreshTokens: false
    });

Configure the non-rotating refresh token settings as follows:

PATCH /api/v2/clients/{client_id}
    {
      "refresh_token": {
    "rotation_type": "non-rotating",
    "expiration_type": "non-expiring"
      }
    }

Learn more

Use Refresh Token Rotation

Revoke Refresh Tokens

Protect Your Application

Protect Your Tenant

Compliance

Disable Refresh Token Rotation

Disable with the Dashboard

Disable with the Management API

Learn more

Protect Your Application

Protect Your Tenant

Compliance

​Disable with the Dashboard

​Disable with the Management API

​Learn more

Disable with the Dashboard

Disable with the Management API

Learn more