Can't refresh tokens which are from Device Auth Code

Hi there.
I’m using a device code authorization (oauth/device/code) to allow log in to my application.
While scanning device code from a second device, I poll the tokens on the first device and can successfully retrieve them. e.g. (grant_type=urn:ietf:params:oauth:grant-type:device_code&device_code=$deviceCode&client_id=$clientId)

Now the problem is when I try to refresh the tokens, I get the MFA error.

curl --request POST --url 'https://domain/oauth/token' --header 'content-type: application/x-www-form-urlencoded' --data 'grant_type=refresh_token' --data 'client_id=$clientId' --data 'scope=openid profile email offline_access' --data 'refresh_token=$refreshToken'
{"error":"mfa_required","error_description":"Multifactor authentication required","mfa_token":"blahblahblah"}

Could you please advise what I might be missing in order to successfully refresh the tokens?
The Auth0 application I'm running is an Android native application.

Thank you.

Hello there @minsuk.kang.2970 welcome to the community!

You should be able to introduce an Action to work around the requiring of MFA for refresh token exchanges - Please see the following:

Hope this helps!
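
A sketch of the kind of post-login Action the reply describes, added here as an example; it is not code from the thread or from Auth0. It assumes MFA is enforced by this Action rather than by a tenant-wide "Always" policy, and that refresh token exchanges arrive with `event.transaction.protocol` set to `oauth2-refresh-token`. The `shouldRequireMfa` and `simulate` helpers and the sample events are constructed for illustration.

```javascript
// Added example: Auth0 post-login Action that enforces MFA on interactive
// logins but not on refresh token exchanges, where no user is present to
// answer the challenge (which is what surfaces as "mfa_required").
const REFRESH_PROTOCOL = 'oauth2-refresh-token';

// Hypothetical helper: decide whether this transaction must pass MFA.
function shouldRequireMfa(event) {
  const protocol = event.transaction && event.transaction.protocol;
  // The refresh token was issued after a login that already passed MFA,
  // so the exchange itself is allowed through.
  if (protocol === REFRESH_PROTOCOL) return false;
  // Everything else, including an unknown or missing protocol, fails closed.
  return true;
}

// Entry point that Auth0 invokes for the post-login trigger.
const onExecutePostLogin = async (event, api) => {
  if (shouldRequireMfa(event)) {
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
};

// Export for the Actions runtime (CommonJS); skipped where `exports` is absent.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed harness: run the Action against a minimal event with a mock
// `api` object and return the MFA calls it recorded.
function simulate(protocol) {
  const calls = [];
  const api = { multifactor: { enable: (provider, opts) => calls.push({ provider, opts }) } };
  const event = protocol ? { transaction: { protocol } } : {};
  onExecutePostLogin(event, api);
  return calls;
}

// Constructed sample run: device code login vs. refresh token exchange.
console.log('device code login ->', simulate('oauth2-device-code').length, 'MFA call(s)');
console.log('refresh exchange  ->', simulate(REFRESH_PROTOCOL).length, 'MFA call(s)');
```

Pairing this with refresh token rotation and a bounded refresh token lifetime limits how long a token that skips the MFA prompt remains usable.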
