Hello @dan.woda
The request I am sending is the following
curl --location 'https://dev-qzbuevkju0f6s5kg.us.auth0.com/oauth/token' \
--header 'Content-Type: application/json' \
--header 'Cookie: did=s%3Av0%3A3e94caf0-1e36-11ee-971c-c70c19658b19.S3sBGdMXyfjAH3mcTs1GXoN2YRz7g4dtA4ioZqETAM0; did_compat=s%3Av0%3A3e94caf0-1e36-11ee-971c-c70c19658b19.S3sBGdMXyfjAH3mcTs1GXoN2YRz7g4dtA4ioZqETAM0' \
--data '{
"client_id": "client_id",
"client_secret": "client_secret",
"audience": "https://brkz.co",
"grant_type": "client_credentials",
"scope": "read:private read:protected"
}'
and the response is as follows
{
"access_token": "access_token",
"scope": "read:private read:protected",
"expires_in": 86400,
"token_type": "Bearer"
}
The thing is with that flow, I am not able to refresh the token once expired. To get refresh_token, I would need to call /authorize endpoint which renders a login form. Any other way to get the refresh_token since I mainly using M2M setup?
N.B. The current application I am working on does not support email/username. The application expects a mobile number and then sends an OTP to the customer. Once the customer inputs the OTP, gains access and proceeds. At that point, i’ll be attempting to generate an access token to send with future requests but would also need a refresh token in case the access expired.