AuthenticationException with offline_access

ferobert · April 29, 2020, 9:01am

Hello,

I’m using the latest Android SDK to login:

Auth0 auth0 = new Auth0(this);
auth0.setOIDCConformant(true);
WebAuthProvider.login(auth0)
  .withScope("offline_access")
  .withScheme(getString(R.string.com_auth0_scheme))
  .withAudience(getString(R.string.com_auth0_audience))
  .start(this, new AuthCallback() {
    @Override
    public void onFailure(@NonNull final Dialog dialog) { }
    
    @Override
    public void onFailure(final AuthenticationException e) {
      // "Could not verify the ID token"
    }

    @Override
    public void onSuccess(@NonNull final Credentials credentials) { }
  });

If I comment out the .withScope(“offline_access”) line, I get the access token and id token, and the login flow works fine. With “offline_access” the login flow seems to work in the browser, but I get the “Could not verify the ID token” AuthenticationException in the callback.

How can I get a proper refresh token?

Thanks,
Robert

ferobert · May 1, 2020, 10:08am

After further research, I learned that withScope() overwrites the default “openid” scope, so if I want to specify an extra scope, I’d need to specify both, such as:
.withScope("openid offline_access")

With this I can log in properly, and get both the access and id tokens, like when not using withScope() at all. But, credentials.getRefreshToken() still returns null, like before. So, my original question still stands, how can I get a proper refresh token?

ferobert · May 4, 2020, 5:40pm

The problem turned out to be a backend configuration problem. Offline access was disabled for the audience we used in the login() call.

system · May 19, 2020, 5:40pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.