AuthenticationException with offline_access


I’m using the latest Android SDK to login:

Auth0 auth0 = new Auth0(this);
  .start(this, new AuthCallback() {
    public void onFailure(@NonNull final Dialog dialog) { }
    public void onFailure(final AuthenticationException e) {
      // "Could not verify the ID token"

    public void onSuccess(@NonNull final Credentials credentials) { }

If I comment out the .withScope(“offline_access”) line, I get the access token and id token, and the login flow works fine. With “offline_access” the login flow seems to work in the browser, but I get the “Could not verify the ID token” AuthenticationException in the callback.

How can I get a proper refresh token?


After further research, I learned that withScope() overwrites the default “openid” scope, so if I want to specify an extra scope, I’d need to specify both, such as:
.withScope("openid offline_access")

With this I can log in properly, and get both the access and id tokens, like when not using withScope() at all. But, credentials.getRefreshToken() still returns null, like before. So, my original question still stands, how can I get a proper refresh token?

The problem turned out to be a backend configuration problem. Offline access was disabled for the audience we used in the login() call.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.