According to the documentation for BrowserAuthorizationClient.getAccessToken, the token is supposed to refresh automatically. This does not happen, and looking at the code, it doesn't appear that there is any code to try to do this. I tried to refresh in the client, but the client doesn't have access to the refresh token, and redoing the silent signin before expiration just returns the same token as before until the expiration happens and silent signin no longer works.
Since as far as I can tell, it is impossible for clients to refresh the token, I am entering this as a bug and not a feature request. It should be noted that unless I am misunderstanding, this bug makes @itwin/browser-authorization unusable by production code. You can't release an app that stops working every hour, or one that requires the user to accept the scoping permissions every hour.
According to the documentation for
BrowserAuthorizationClient.getAccessToken, the token is supposed to refresh automatically. This does not happen, and looking at the code, it doesn't appear that there is any code to try to do this. I tried to refresh in the client, but the client doesn't have access to the refresh token, and redoing the silent signin before expiration just returns the same token as before until the expiration happens and silent signin no longer works.Since as far as I can tell, it is impossible for clients to refresh the token, I am entering this as a bug and not a feature request. It should be noted that unless I am misunderstanding, this bug makes
@itwin/browser-authorizationunusable by production code. You can't release an app that stops working every hour, or one that requires the user to accept the scoping permissions every hour.