Can't generate refresh token for Salesforce Authentication Provider

I’m trying to use the Salesforce Authentication Provider with Auth0. I can get the OAuth token, but I keep getting the error:

“The authentication provider didn’t provide a refresh token. If the access token expires, your org won’t be able to access this named credential”

I’ve tried to follow the information on how to enable refresh tokens.

The application is OIDC Compliant

I’ve configured the Salesforce Authentication provider with the audience of the API.
I’ve configured the Named Credential to request the openid profile offline_access scopes
I’ve configured the API to allow offline_access.

The request to Auth0 matches the documentation:
https://xxxx.auth0.com/authorize?
audience={API_AUDIENCE}&
scope=offline_access&
response_type=code&
client_id=xxxx&
redirect_uri=Problem Logging In | Salesforce
state={OPAQUE_VALUE}

The token exchange succeeds, but I don’t get the refresh token.

Is there something else that I’m missing? I did get this to work one time, but now I’m trying to document the steps, and can’t seem to reproduce the state where this is successful.

1 Like

Hi Josh, and welcome to the community! :tada:

I assume you are using the Salesforce social connection. In this case, in order to get a refresh token, I think you’ll need to make sure everything is set up correctly on the Salesforce side of things. Although I have not done this myself, based on this article: Salesforce Developers, I believe you need to enable the offline_access scope in Salesforce. Have you enabled that scope in Salesforce?

If you have, can you try doing the authorization code flow to Salesforce yourself, and seeing if a refresh token is returned?

1 Like
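The two checks discussed in the posts above (what the authorization request actually asks for, and whether the token response carries a refresh token), as an added example that is not part of any post in this thread. The function names, the hostnames in the sample URL and the sample token response are constructed for illustration; the check reports only whether tokens are present and never prints their values.

```python
import json
from urllib.parse import urlsplit, parse_qs


def check_authorize_request(url, configured_scopes):
    """Return findings for an OAuth 2.0 authorization-code request URL."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    sent = set(params.get("scope", "").split())
    findings = []
    if params.get("response_type") != "code":
        findings.append("response_type is not 'code'")
    if "offline_access" not in sent:
        findings.append("offline_access not in requested scope")
    if not params.get("audience"):
        findings.append("audience parameter missing")
    # Scopes configured on the client side but absent from the wire request.
    missing = set(configured_scopes.split()) - sent
    if missing:
        findings.append("configured scopes not sent: " + " ".join(sorted(missing)))
    return findings


def check_token_response(body):
    """Summarise a token endpoint JSON response without echoing secrets."""
    data = json.loads(body)
    return {
        "has_access_token": bool(data.get("access_token")),
        "has_refresh_token": bool(data.get("refresh_token")),
        "granted_scope": sorted(data.get("scope", "").split()),
    }


# Constructed sample data (placeholder hosts, client id and token value).
SAMPLE_URL = (
    "https://tenant.example/authorize?audience=https%3A%2F%2Fapi.example%2F"
    "&scope=offline_access&response_type=code&client_id=CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fcallback.example%2Fcb&state=abc123"
)
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-value", "token_type": "Bearer",
    "expires_in": 86400, "scope": "offline_access",
})

if __name__ == "__main__":
    for finding in check_authorize_request(SAMPLE_URL, "openid profile offline_access"):
        print("request:", finding)
    print("response:", check_token_response(SAMPLE_RESPONSE))
```

Run it against the URL captured from the browser's address bar during login and the JSON body returned by the token exchange, and compare the sent scopes with what the Named Credential is configured to request.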

@josh.bregman1 Did you ever get this worked out? Any confirmed examples of getting a refresh token with a Salesforce Social Login?

My team is also dealing with this issue; we have the offline_access and refresh_token scopes configured.
