Offline Access and Authentication
FusionAuth can support offline authentication by using signed JWTs and cached public keys. The device must initially log in online to receive an access token and a refresh token; it can then verify the access token locally without network calls. A bounded grace period may be allowed for expired tokens until the device reconnects.
- FusionAuth signs JWTs with a private key and publishes the matching public key via the JWKS endpoint, which can be cached on the device for offline verification.
- The first login requires an online connection to obtain a short‑lived access token and a long‑lived refresh token.
- During offline operation the app validates the cached access token locally by checking its signature, expiration, issuer, audience, and any custom claims.
- If the access token expires while offline, the app may permit a limited grace period before requiring the device to reconnect and use the refresh token to obtain a new token.
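The local check described in the list above, as an added Node.js example (not code from the original post or from FusionAuth). It assumes RS256 tokens; `verifyOffline`, `makeSample`, `demo`, the `graceSeconds` option, the issuer, audience and `kid` values are hypothetical, and a throwaway key pair generated in the script stands in for the server's signing key and cached JWKS.

```javascript
const crypto = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
const fail = (reason) => ({ ok: false, reason });

// Verify a token using only the cached JWKS (no network). opts.now is the device
// clock in epoch seconds; opts.graceSeconds bounds use of an expired token offline.
function verifyOffline(token, cachedJwks, opts) {
  const parts = token.split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try { header = decode(parts[0]); claims = decode(parts[1]); } catch { return fail('malformed'); }
  // Pin the algorithm; never let the token header select it.
  if (header.alg !== 'RS256') return fail('bad_alg');
  const jwk = cachedJwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return fail('unknown_kid');
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'))) return fail('bad_signature');
  // Claims are trusted only after the signature check has passed.
  if (claims.iss !== opts.issuer) return fail('bad_issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(opts.audience)) return fail('bad_audience');
  if (typeof claims.exp !== 'number') return fail('missing_exp');
  if (opts.now < claims.exp) return { ok: true, state: 'valid', claims };
  if (opts.now < claims.exp + opts.graceSeconds) return { ok: true, state: 'grace', claims };
  return fail('expired'); // past the grace window: reconnect and use the refresh token
}

// Constructed sample data: a throwaway RSA key pair stands in for the server's signing key.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-kid', use: 'sig' }] };
  const sign = (claims, header = { alg: 'RS256', typ: 'JWT', kid: 'sample-kid' }) => {
    const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
    return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
  };
  return { jwks, sign };
}

// Same token checked before expiry, inside the grace window, and after it.
function demo() {
  const { jwks, sign } = makeSample();
  const opts = { issuer: 'https://auth.example.test', audience: 'sample-app-id', graceSeconds: 3600 };
  const token = sign({ iss: opts.issuer, aud: opts.audience, sub: 'user-1', exp: 1000 });
  return [900, 1500, 5000].map((now) => verifyOffline(token, jwks, { ...opts, now }).state ?? 'rejected');
}
console.log(demo());
```

`opts.now` comes from the device clock, so the grace window is only as trustworthy as that clock while the device is offline.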
The full article is at FusionAuth Forum.