Does the OIDC refresh token need any permanent cache?

Henri Mikkonen henri.mikkonen at
Tue May 12 14:09:39 UTC 2020

Hi Jim,

> Does the refresh token carry within it enough information for the IdP to issue a new id token?  Or is there a permanent cache needed somewhere?

Yes: all the needed information is encoded inside the refresh_token (which is encrypted via data sealer). Depending on your attribute-resolver configuration, also the attribute/claim values might be included [1].

There’s no need (actually not even support at the moment) for any server-side cache/storage regarding them.


[1] <>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list