Get/Create Refresh token

patrick-urbidesk · April 26, 2024, 7:00am

Hi @marcelina.barycka @dan.woda, @tyf, @rueben.tiow , @

how to do if i want to return a refresh token with my access token when i authenticate please?

for example if i try this to get the authorization code:

https://urbidesk-prod.eu.auth0.com/authorize?audience=https://prod.auth.urbidesk.com&scope=offline_access&response_type=code&client_id=my_client_id&redirect_uri=undefined&state=xyz123ABC

i got 400 Bad request

Thanks for advance

dawid.matuszczyk · April 26, 2024, 11:58am

Hi @patrick-urbidesk

Welcome back to the Auth0 Community!

Thank you for posting your question. I’ve checked the logs for your tenant and see several failed login attempts that are undefined as redirecturi and invalid. Can you try to adjust the redirect_uri for the application that you are trying and set a proper client_id from the application list? If you want to access the API from the M2M application, you must Authorize it first in the API-> select API → Machine to Machine Applications.

https://auth0.com/docs/secure/tokens/refresh-tokens/get-refresh-tokens

Thanks
Dawid

patrick-urbidesk · April 26, 2024, 12:15pm

thanks @dawid.matuszczyk for your response but after applying your suggestion i landed on the signin page of my app and i want to ask how to get the result as a json or something like that but i got full HTML.

My objective is to get the response like that

{
  "access_token": "eyJz93a...k4laUWw",
  "refresh_token": "GEbRxBN...edjnXbL",
  "id_token": "eyJ0XAi...4faeEoQ",
  "token_type": "Bearer"
}

but as the first step i need to get the authorization code by executing this

https://XXXXXXX/authorize?
response_type=code&
client_id=my_cliend_id&
redirect_uri={https://yourApp/callback}&
scope={scope}&
state={state}

then use the code into this one

curl --request POST
–url ‘XXXXXX/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=authorization_code
–data ‘client_id=my_client_id’
–data ‘client_secret={yourClientSecret}’
–data ‘code=yourAuthorizationCode}’
–data ‘redirect_uri={https://yourApp/callback}’

as in the Auth0 docs or i missed something?

thanks

dawid.matuszczyk · April 26, 2024, 12:38pm

Yes you are correct!

The code you will get back from the Auth0 as a part of the URL as part of the URL:

{https://yourApp/callback}?code=BPPLN3Z4qCTvSNOy. You can exchange this code with an access token using the /oauth/token endpoint.

In the Doc that I’m supposed you are referring to Get Refresh Tokens there are multiple example of getting the access token along refresh token.

Thanks
Dawid

patrick-urbidesk · April 26, 2024, 12:54pm

@dawid.matuszczyk i have some error like this in my url

##https://urbidesk.com/?error=access_denied&error_description=Service%20not%20found%3A%20urbidesk-prod.eu.auth0.com&state=xyz123ABC##

when i with this

https://urbidesk-prod.eu.auth0.com/authorize?audience=urbidesk-prod.eu.auth0.com&scope=offline_access&response_type=code&client_id=my_client_id&redirect_uri=https://urbidesk.com&state=xyz123ABC

dawid.matuszczyk · April 26, 2024, 1:16pm

I’ve double check with your tenant and the audience may be incorrect. It should be the Identifier from the API settings.