Error refreshing access token: invalid_grant Unknown or invalid refresh token

For my mobile app I employ both passwordless (SMS) login and login via OIDC. When I try to refresh my access tokens, I receive the error message invalid_grant Unknown or invalid refresh token. Note that I am including the offline_access scope on my requests and I have enabled offline access in my API.

The refresh tokens I receive are significantly shorter than any other valid access token or id token that is returned from this endpoint. Any thoughts on why this is happening?

Hi @raina

Refresh tokens are opaque; you cannot decode them.

It is hard to tell why you are getting invalid refresh token without more info. One possibility is you are using rotating refresh tokens, and trying to reuse them. That would invalidate the whole chain.

If you post more details, we can try to help.

John

2 Likes
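The failure mode described in the answer above, as an added example that is not part of the original thread and not any identity provider's actual implementation: a constructed in-memory model of refresh token rotation with reuse detection, plus a client that always stores the newest refresh token. All class and function names are hypothetical.

```python
import secrets

class InvalidGrant(Exception):
    """Models the token endpoint's invalid_grant error."""

class RotatingTokenServer:
    """Toy token endpoint: rotation plus reuse detection (constructed model)."""
    def __init__(self):
        self._tokens = {}      # refresh token -> [family id, already used?]
        self._revoked = set()  # families invalidated after a replay

    def _issue(self, family):
        token = secrets.token_urlsafe(24)  # opaque random string, nothing to decode
        self._tokens[token] = [family, False]
        return token

    def login(self):
        """Start a new token chain, as a login with offline_access would."""
        return self._issue(secrets.token_hex(8))

    def refresh(self, token):
        """Exchange a refresh token for (access_token, new_refresh_token)."""
        entry = self._tokens.get(token)
        if entry is None or entry[0] in self._revoked:
            raise InvalidGrant("Unknown or invalid refresh token")
        if entry[1]:
            # Replay of an already rotated token: invalidate the whole chain.
            self._revoked.add(entry[0])
            raise InvalidGrant("Unknown or invalid refresh token")
        entry[1] = True
        return secrets.token_urlsafe(32), self._issue(entry[0])

class Client:
    """Stores only the newest refresh token and replaces it on every refresh."""
    def __init__(self, server):
        self.server = server
        self.refresh_token = server.login()
    def refresh(self):
        access, self.refresh_token = self.server.refresh(self.refresh_token)
        return access

def replay_invalidates_chain():
    """True if replaying a used token also makes the newest token fail."""
    server = RotatingTokenServer()
    first = server.login()
    _, second = server.refresh(first)
    failures = 0
    for tok in (first, second):  # replay the old token, then try the latest one
        try:
            server.refresh(tok)
        except InvalidGrant:
            failures += 1
    return failures == 2
```

A client that overwrites its stored refresh token on every successful refresh, as `Client` does, never triggers the replay branch; one that keeps sending the token from the initial login gets `invalid_grant` on the second attempt and has to log in again.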

Hey @john.gateley

Thanks so much for the quick response. You were right – I was reusing a refresh token that had already been used. That’s what had been causing the error message.

Thanks again!

Raina

1 Like

Glad it all came together!