.. _2026-05-29-automatic-token-refresh-architecture_release:

=================================================================================
2026-05-29 - Automatic Background Token Refresh Architecture
=================================================================================

Release
==================
AgileData.io - Stay Logged In: Automatic Token Refresh Keeps Your Session Alive

AgileData sessions are managed through Google Cloud's Identity-Aware Proxy (IAP), which issues session tokens with a fixed lifespan. If your browser's Firebase authentication token expires before the IAP session does, the mismatch could cause silent failures or force an unexpected re-login. To prevent this, we've implemented automatic background token refresh.

The token refresh runs silently in the background using an iframe that calls the identity service — this means your session token is refreshed without any visible interruption to your work. The IAP session cookie is refreshed on a regular schedule, and if a transient error is encountered on the first attempt, the system retries automatically.

This work is part of the broader investment in session reliability following the identity server launch. The token refresh patterns are now managed centrally by the identity server, keeping the logic in one place and making future changes easier.

**What's New:**

* Automatic Firebase token refresh runs silently in the background using the identity service
* IAP session cookies refreshed on a regular schedule
* Transient token refresh errors are retried automatically
* Token refresh logic centralised in the identity server

**What this means for you:**

* Longer, uninterrupted work sessions without unexpected re-login prompts
* Session token and IAP session stay in sync automatically
* More resilient handling of transient authentication hiccups

Last Refreshed
===========================
*Doc Refreshed: 2026-05-29*