Non interactive client / Resource Owner Password / Refresh Token

dslee · September 25, 2017, 3:40am

I am expecting a refresh_token for the following request. The refresh_token is not in the response. What am I doing wrong?

REQUEST:

{
	"grant_type": "http://auth0.com/oauth/grant-type/password-realm",
	"username": "blah@blah.com",
	"password": "pwd",
	"audience": "https://mayapi.whatever.com/",
	"client_id": "yfyfdsfsdk...",
	"client_secret": "hjklhjkl...",
	"realm": "Username-Password-Authentication",
	"device": "client-mach",
	"scope": "openid offline_access profile"
}

RESPONSE:

{
	"access_token": "eyJ0eXAiOiJKV1QiLCJhbG ...",
	"id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOi ...",
	"scope": "openid profile",
	"expires_in": 86400,
	"token_type": "Bearer"
}

dslee · September 25, 2017, 4:12am

Solution:
Make sure the API option “Allow Offline Access” is selected.