Can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

It works well when using rotating refresh tokens but the problem is that the user would potentially have to re-login every 90 days (max expiry for rotating tokens).

Implementing Authorization Code Flow (PKCE) in a Cordova app sets ‘origin’ header in the requests and Auth0 then doesn’t include the refresh token. Omitting the origin header would work and if this was a native app then I think this would work.

Resource Owner Password flow would work too but this approach isn’t recommended.

So my question is can I get a long-lived refresh token for a Cordova/Ionic app using Auth0?

Thanks!

I’m having the same issue using Ionic. I have my native app as OIDC conformant (I made this app in 2020 not 2017 so it’s not legacy) and have the advanced setting with the grant of refresh token enabled. For the scope in the app itself I use scope: 'openid profile offline_access' this includes the offline_access scope.I double checked the docs and this is related to getting the refresh token for the app. I have no rules or anything like setup so I don’t know why it’s not returning the refresh token.

Looks like this https://github.com/auth0/auth0-cordova/issues/120#issuecomment-592655457
answers my problem.