Grant not found, cannot refresh access token

Sometimes, when a user reopens our app and we try and do a silent login using CredentialsManager credentials(withScope:callback:) we get an error saying “Grant not found, cannot refresh access token”.
When we originally log in the user we use openid offline_access in the scope, and it seems like we have refresh tokens enabled, so we’re not sure what is causing this error. Does anybody have any idea why this might be happening?

Hi @guy,

Could you provide some more context for us? What quickstart/framework are you using? Could you also post the code where you are initializing and requesting the token with those scopes?

Thanks,
Dan

Hi @dan.woda,

I’m using the Auth0.swift framework.

Signup

let auth0Authentication = Auth0.authentication()
auth0Authentication
    .createUser(email: email,
                username: nil,
                password: password,
                connection: "Username-Password-Authentication",
                userMetadata: nil)
    .start { [weak self] result in
        switch result {
        case .success(let databaseUser):
            self?.login(userInfo: userInfo) { (user, error) in
                completion(user, error)
            }
        case .failure(let error):
            self?.handleLoginError(error: error, completion: completion)
        }
    }

Login

auth0Authentication
    .login(usernameOrEmail: email,
           password: password,
           realm: "Username-Password-Authentication",
           audience: audience,
           scope: "openid profile email offline_access",
           parameters: nil)
    .start { [weak self] result in
        switch result {
        case .success(let credentials):
            self?.credentials = credentials
            completion(user, nil)
        case .failure(let error):
            self?.handleLoginError(error: error, completion: completion)
        }
    }

Silent login

let credentialsManager = CredentialsManager(authentication: auth0Authentication)
if credentialsManager.hasValid() {
    credentialsManager.credentials { [weak self] (error, credentials) in
        self?.credentials = credentials
        if let error = error {
            self?.handleLoginError(error: error, completion: completion)
        } else {
            completion(user, nil)
        }
    }
} else {
    completion(nil, Errors.invalidCredentials)
}

The handleLoginError function is mostly used to either display any error found or to continue through the MFA flow, which we also have enabled.

Thanks,

Guy

Hi @guy,

Can you check and see if your OIDC conformant flag is set to true or false?

It should be in the app settings → advanced settings → OAuth.

Thanks,
Dan

@dan.woda it’s set to true.

@guy

Can you confirm that the refresh_token grant type is checked in advanced settings → grant types?

@dan.woda yes, it’s enabled

Maybe this helps (it’s Android related, but it’s about the same error message. I myself am not too familiar with Swift or the iOS SDK):

https://github.com/auth0/Auth0.Android/issues/69#issuecomment-272903700

@mathiasconradt I saw this when we first encountered the problem. Doesn’t really help, unfortunately, as it’s for proper use of the Android SDK.

@guy,

Can you please DM your tenant name and the first few characters of the client id?
