Refresh Token Migration

Starting in Mobile SDK 13.2, apps can seamlessly migrate a user's refresh token to a new consumer key or different scopes without requiring the user to log out and log back in.

Seamless refresh token migration enables apps to adopt different OAuth configurations, including:

  • Token format upgrades - Migrate from standard opaque tokens to JWT-based access tokens.
  • App type transitions - Migrate from a connected app to an external client app. See Salesforce Help: Create an External Client App from a Connected App.
  • Scope expansion - Exchange a refresh token for a new one that includes additional post-login scopes, such as sfap_api.

The migration behaves as follows:

  • The migration process exchanges the existing refresh token for a new token using the new OAuth configuration.
  • If the new configuration requires additional scopes or uses a different consumer key, the user can see the OAuth approval screen.
  • After successful migration, the refresh token and access token are replaced, and the consumer key, redirect URI, and scopes are updated in the user account.
  • The user org ID and user ID remain unchanged.
  • If migration fails, existing credentials remain unchanged.
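
A minimal model of the all-or-nothing behavior in the list above, added here as an illustration and not Mobile SDK code. `OAuthConfig`, `Account`, `AccountStore`, `MigrationError` and the `exchange` callback are hypothetical names, and rejecting a token response issued for a different org ID or user ID is one way a client can enforce the documented invariant.

```python
from dataclasses import dataclass, replace
from typing import Callable, FrozenSet

@dataclass(frozen=True)
class OAuthConfig:                      # hypothetical type, not an SDK class
    consumer_key: str
    redirect_uri: str
    scopes: FrozenSet[str]

@dataclass(frozen=True)
class Account:                          # hypothetical stored-credential record
    org_id: str
    user_id: str
    config: OAuthConfig
    refresh_token: str
    access_token: str

class MigrationError(Exception):
    """Raised when migration fails; stored credentials are left as they were."""

class AccountStore:
    """Holds one account and swaps its credentials all-or-nothing."""
    def __init__(self, account: Account):
        self.account = account

    def migrate(self, new_config: OAuthConfig,
                exchange: Callable[[str, OAuthConfig], dict]) -> Account:
        old = self.account
        try:
            resp = exchange(old.refresh_token, new_config)
            # Build the full candidate before touching stored state.
            candidate = replace(old, config=new_config,
                                refresh_token=resp["refresh_token"],
                                access_token=resp["access_token"])
            if (resp["org_id"], resp["user_id"]) != (old.org_id, old.user_id):
                raise MigrationError("token response is for a different user")
            if not candidate.refresh_token or not candidate.access_token:
                raise MigrationError("token response is missing a token")
        except MigrationError:
            raise
        except Exception as exc:        # network error, denied approval, bad response
            raise MigrationError(f"exchange failed: {exc}") from exc
        self.account = candidate        # single assignment: the only state change
        return candidate

# Constructed sample configurations, not real credentials.
OLD = OAuthConfig("old-consumer-key", "app://old/callback", frozenset({"api"}))
NEW = OAuthConfig("new-consumer-key", "app://new/callback", frozenset({"api", "sfap_api"}))
```
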

To migrate a user refresh token to a new OAuth configuration on Android, use these methods on UserAccountManager.

To migrate a user refresh token to a new OAuth configuration on iOS, use migrateRefreshToken on UserAccountManager (Swift) or SFUserAccountManager (Objective-C).