How does Kratos handle access/refresh tokens for social sign in?

[johnbwu]

We are integrating our existing app as an OIDC identity provider for Kratos.
Right now the flow is:

1. Visit kratos self-service UI
2. Click sign in with generic
3. Redirected to our app, user logs in, and clicks consent
4. Redirected back to Kratos with an authorization code, Kratos uses this code to get an access token, refresh token, and id token.

My question is, will Kratos continously refresh the access/refresh token in the background? Or will we have to change step 3. in our app to not require consent if the user has already consented?

Thanks

[vinckr]

My question is, will Kratos continously refresh the access/refresh token in the background?

ORY Kratos does not refresh or issue tokens, that would be handled by your OIDC provider, i.e. your existing app or for example ORY Hydra.
The existing app that is used as OIDC provider here would have to issue and manage tokens.
You can set how long refresh tokens are valid in ORY Hydra, see the reference configuration.

[vinckr]

Hey @johnbwu,
It seems I misunderstood you question a bit 😄
The refresh and access tokens issued by the OIDC provider are at the moment not stored in Ory Kratos.
But we would like to add that feature to Ory Kratos!
Maybe you are up to creating an issue kicking off the process for this feature?