Hi. I’m trying to get refresh tokens via the node-auth0 library and have created a Machine to Machine application and an API. I am able to get regular access tokens, but not refresh tokens. According to the docs I need to request the scope “offline_access” when authenticating to receive a refresh token. However when I do so I receive the error “Client has not been granted scopes: offline_access”. I have enabled the “Refresh Token” option for my Machine to Machine application under grant types under advanced settings. I even tried adding the scope to my API under permissions, but doing so simply gives an error “Error! Unexpected failure trying to update api.”. I can’t find any instructions online of how to get this set up. Honestly at this point I’m considering just rolling my own auth, because trying to figure out the insanely messy Auth0 system is taking more time than it’s saving…
Would appreciate any help on how to enable refresh tokens. Thanks…
Hi @micke.young,
You don’t need to get a refresh token for a machine to machine app. Simply send the client credentials and receive a new access token.
Hope this helps,
Dan
Hi. Thanks for the reply. The guides on your website state that you should use refresh tokens wherever possible as it is more secure, since the token will expire sooner if it is stolen. Is this not true? Perhaps you could update the documentation to explain this more clearly.
Sure, I can pass along that feedback. Can you link the docs that were the most confusing?
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.