
Can't generate refresh token for Salesforce Authentication Provider

I’m trying to use the Salesforce Authentication Provider with Auth0. I can get the OAuth token, but I keep getting the error:

“The authentication provider didn’t provide a refresh token. If the access token expires, your org won’t be able to access this named credential”

I’ve tried to follow the information on how to enable refresh tokens

The application is OIDC Compliant

I’ve configured the Salesforce Authentication provider with the audience of the API.
I’ve configured the Named Credential to request the openid profile offline_access scopes
I’ve configured the API to allow offline_access.

The request to Auth0 matches the documentation
https://xxxx.auth0.com/authorize?
audience={API_AUDIENCE}&
scope=offline_access&
response_type=code&
client_id=xxxx&
redirect_uri=https://login.salesforce.com/services/authcallback/xxxxxxxx&
state={OPAQUE_VALUE}

The token exchange succeeds, but I don’t get the refresh token.

Is there something else that I’m missing? I did get this to work one time, but now I’m trying to document the steps, and can’t seem to reproduce the state where this is successful.


Hi Josh, and welcome to the community! :tada:

I assume you are using the Salesforce social connection. In this case, in order to get a refresh token I think you’ll need to make sure everything is set up correctly on the Salesforce side of things. Although I have not done this myself, based on this article: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_defining_remote_access_applications.htm I believe you need to enable the offline_access scope in Salesforce. Have you enabled that scope in Salesforce?

If you have, can you try doing the authorization code flow to Salesforce yourself, and seeing if a refresh token is returned?

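An offline way to run the check discussed in this thread, as an added example that is not part of the original posts: it inspects a captured `/authorize` URL and the token endpoint's JSON response, and reports whether a refresh token came back without exposing any token values. The sample URL, the response body and all function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (not taken from the thread).
SAMPLE_URL = ("https://tenant.example/authorize?audience=https%3A%2F%2Fapi.example%2F"
              "&scope=offline_access&response_type=code&client_id=CLIENT_ID"
              "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&state=abc123")
SAMPLE_RESPONSE = '{"access_token": "constructed-value", "token_type": "Bearer", "expires_in": 86400}'

def check_authorize_request(url):
    """List request-side gaps that would prevent a refresh token being issued."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    problems = []
    if "code" not in params.get("response_type", "").split():
        problems.append("response_type is not the authorization code flow")
    if "offline_access" not in params.get("scope", "").split():
        problems.append("scope does not include offline_access")
    if not params.get("audience"):
        problems.append("audience parameter missing")
    if not params.get("state"):
        problems.append("state parameter missing")
    return problems

def summarize_token_response(body):
    """Report which tokens were returned, never the token values themselves."""
    tok = json.loads(body)
    return {
        "has_access_token": bool(tok.get("access_token")),
        "has_refresh_token": bool(tok.get("refresh_token")),
        # 'scope' is optional in the response when it equals what was requested.
        "granted_scopes": tok.get("scope", "").split(),
        "expires_in": tok.get("expires_in"),
    }

def diagnose(url, body):
    """Combine both checks into a list of findings."""
    findings = check_authorize_request(url)
    if summarize_token_response(body)["has_refresh_token"]:
        return findings
    if not findings:
        # The request is complete, so the cause is configuration, as the reply suggests.
        findings.append("request is complete but no refresh_token was returned: "
                        "check offline access settings on the API and the provider side")
    return findings

if __name__ == "__main__":
    print(summarize_token_response(SAMPLE_RESPONSE))
    print(diagnose(SAMPLE_URL, SAMPLE_RESPONSE))
```

The summary dictionary is safe to paste into a forum post or ticket because it contains only booleans, scope names and the expiry, not the tokens.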