Error: Missing Refresh Token (SPA SDK)

I’m trying to enable refresh tokens using the SPA SDK, but running into errors.

I have enabled tokens in the app settings.

image1045×867 54.7 KB

I have setup the Auth0Client

new Auth0Client({
  domain: config.auth0.domain,
  clientId: config.auth0.clientId,
  cacheLocation: 'localstorage', // tried with and without this
  useRefreshTokens: true,
  authorizationParams: {
    redirect_uri: `${window.location.protocol}//${window.location.host}`,
    scope: config.auth0.scope, // tried with and without this
  },
})

I have tried with and without “scope” on the client.authorizationParams, as well as with and without “scope” on the getTokenSilently() and loginWithRedirect() calls.

It always results in an error after redirecting back from the Universal login page

Error: Missing Refresh Token (audience: 'MY_AUDIENCE', scope: 'openid profile email offline_access')

I figured it out, I was handling login incorrectly.

I had been calling loginWithRedirect() and to login and getTokenSilently() on page load to get the token. This was actually working all by itself, until I added refresh token. Perhaps it shouldn’t have been?

I needed to be calling handleRedirectCallback() to handle login, before calling getTokenSilently(). After adding this, everything is working.

I sure wish handleRedirectCallback() did the work of stripping the auth parameters out of the querystring so that hitting refresh didnt cause a failure.