For my Native app I’m calling authorize() with a scope of openid profile offline_access which results in a request to /oauth/token with this payload:
{client_id: "BA40...",
code: "GGL..."
code_verifier: "6WzZ..."
grant_type: "authorization_code"
redirect_uri: "com.agilitycoursemaster.acmaster://..."}
Auth0 gives me this response:
{"access_token":"1wHAZCEgjcaqjL7I",
"expires_in":86400,
"refresh_token":"9xTm7Q1-EWTfPfuYPQLxpID9WDgv1PqM3VqIyaAXt05so",
"id_token":"eyJ0e...",
"token_type":"Bearer"}
When I refresh the access_token the docs seem to indicate I should get back a new id_token because I had an original scope including openid:
My /oauth/token post payload:
{client_id: "BA40..."
grant_type: "refresh_token"
refresh_token: "9xTm7Q1-EWTfPfuYPQLxpID9WDgv1PqM3VqIyaAXt05so"}
But the Auth0 response doesn’t include a new id_token:
{"access_token":"TeWVSARHqyMXmM1q",
"expires_in":86400,
"token_type":"Bearer"}
Can someone tell me what I’m doing wrong?