Get/Create Refresh token

Hi @marcelina.barycka @dan.woda, @tyf, @rueben.tiow , @

how to do if i want to return a refresh token with my access token when i authenticate please?

for example if i try this to get the authorization code:

i got 400 Bad request

Thanks for advance

Hi @patrick-urbidesk

Welcome back to the Auth0 Community!

Thank you for posting your question. I’ve checked the logs for your tenant and see several failed login attempts that are undefined as redirecturi and invalid. Can you try to adjust the redirect_uri for the application that you are trying and set a proper client_id from the application list? If you want to access the API from the M2M application, you must Authorize it first in the API-> select API → Machine to Machine Applications.


thanks @dawid.matuszczyk for your response but after applying your suggestion i landed on the signin page of my app and i want to ask how to get the result as a json or something like that but i got full HTML.

My objective is to get the response like that

  "access_token": "eyJz93a...k4laUWw",
  "refresh_token": "GEbRxBN...edjnXbL",
  "id_token": "eyJ0XAi...4faeEoQ",
  "token_type": "Bearer"

but as the first step i need to get the authorization code by executing this


then use the code into this one

curl --request POST
–url ‘XXXXXX/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=authorization_code
–data ‘client_id=my_client_id’
–data ‘client_secret={yourClientSecret}’
–data ‘code=yourAuthorizationCode}’
–data ‘redirect_uri={https://yourApp/callback}’

as in the Auth0 docs or i missed something?


Yes you are correct!

The code you will get back from the Auth0 as a part of the URL as part of the URL:

{https://yourApp/callback}?code=BPPLN3Z4qCTvSNOy. You can exchange this code with an access token using the /oauth/token endpoint.

In the Doc that I’m supposed you are referring to Get Refresh Tokens there are multiple example of getting the access token along refresh token.


@dawid.matuszczyk i have some error like this in my url


when i with this

I’ve double check with your tenant and the audience may be incorrect. It should be the Identifier from the API settings.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.