Refresh a Realm Refresh token?


We’re currently using Realm Authentication (Google/Apple/Local-userpass) with thousands of users.

Right now it looks like the max expiration for Refresh Token is 180 days, this effectively means our users get force logged out every 180 days (even if they use our app every day).

My question is, is there a way to force unlimited expiration? If not, is it possible to refresh a refresh token? We do not want our users to churn away from our app simply because they were forced logged out (and possibly forgot the password/email that they set 6 months ago)

I understand there is another option (JWT custom auth), however this means that we will have to re-create the users and re-link them to the old realm users somehow?

Is there a better solution here?

Many thanks!

Unfortunately, it’s not possible to set refresh tokens longer than 180 days. You have two choices here: anonymous auth (which would not allow you to use user data or permissions, but has unlimited expiration) or custom JWT auth, as you suggest.

For the latter case, you can use the realm admin API to fetch all users.

Then, you could use this data as part of your custom JWT auth to ensure that you return consistent user ids as Realm would have for the same set of credentials. This should allow you to seamlessly switch auth providers.