Hi, everyone. I’m facing an issue with Ktor Bearer...
# ktor
m
Hi, everyone. I’m facing an issue with Ktor Bearer authentication that I’ve implemented in my Android project. The scenario is that when the client tries to get a refresh token, but the token has also expired, how can I detect that the user cannot refresh the token and log them out of the app?
a
Is it a jwt?
a
Do you mean when the client tries to refresh the token but cannot do it because the refresh token has expired?
m
Here’s a polished response: Yes, that’s correct. The scenario is that the refresh token has expired, and the client, which is implemented using Ktor with the `Auth` plugin, has the refresh token logic encapsulated like this:
```kotlin
install(Auth) {
    bearer {
        refreshTokens {
            // refresh logic
        }
    }
}
```
When the refresh token expires, the client is unable to refresh its token and encounters a 401 error (indicating the token has expired). The issue is that we cannot recognize that the client is unable to refresh its tokens in this case.
a
You can either use another instance of the Ktor HTTP client to make the refresh token requests or call the `markAsRefreshTokenRequest` method within the `HttpRequestBuilder` to prevent indefinite refresh requests and to be able to handle the 401 status from the server.
m
Thanks for your attention; it fixed my problem.