
Grant type 'refresh_token' not allowed for the client.

api
api-authorization
refresh_token

#1

I’m new to Auth0 and have set up a native iOS client. However, when trying to renew access tokens with refresh tokens I get the following error:

“unauthorized_client” with description “Grant type ‘refresh_token’ not allowed for the client.”

I have already implemented openid and offline_access scopes. However, in client settings -> Grant types, only Implicit and Authorisation code are available. There is no option for refresh_token to be allowed.

Am I doing something wrong?


#2

I’m having the same problem. If I create a new client with the Native type then I can see the Refresh Token grant type, but my app was created quite a long time ago and now I don’t see the Refresh Token grant type available for it.


#3

Based on the information you provided one possible explanation would be that the client application was not explicitly marked as being a first-party application which was then causing issues with the grant type configuration.

If you haven’t done so already can you ensure that the client application in question is flagged with "is_first_party": true (assuming this is indeed a first-party application). This flag is not surfaced in the Dashboard, but you can update the client application to include it by performing a PATCH client request through the Management API.

If the above does not prove to be the source of the issue please update the question with more information about the configuration of the client application.


#4

Can you check if the suggestion mentioned in my reply resolves the situation? If not, can you also provide additional information about the client?


#5

Yes it works, thanks @jmangelo


#6

Thanks @jmangelo. I was at an early stage in development so I ended up spawning a new client and that seemed to have the appropriate grant types available. Thank you though.


#7

@jmangelo and @engineering1 Can you give the link with helpful information about that PATCH request? Thanks.


#8

Hey @triet.bui!
This link explains the process of performing a patch request by client ID: https://auth0.com/docs/api/management/v2#!/Clients/patch_clients_by_id

If you look in the sample body you will see “grant-types”. If you update that to include refresh-token I believe this will work.
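
An added example, not part of the original replies and not Auth0's own code: it builds the PATCH request discussed in #3 and #8, keeping the client's existing grant types while adding `refresh_token` and setting `is_first_party`. The tenant domain, client ID and token are placeholders and the sample client record is constructed; the field names follow the Management API v2 client schema (`grant_types`, `refresh_token`, with underscores).

```python
import json
import urllib.parse
import urllib.request


def build_client_patch(domain, client_id, mgmt_token, current_client):
    """Build (but do not send) PATCH /api/v2/clients/{id}.

    current_client is the client record as returned by
    GET /api/v2/clients/{id}. Its existing grant types are preserved so the
    patch does not silently disable flows the app already relies on.
    """
    grants = list(current_client.get("grant_types") or [])  # copy, no mutation
    if "refresh_token" not in grants:
        grants.append("refresh_token")
    # Only flag the client as first-party if it really is one (see reply #3).
    body = {"is_first_party": True, "grant_types": grants}
    return urllib.request.Request(
        url="https://%s/api/v2/clients/%s"
        % (domain, urllib.parse.quote(client_id, safe="")),
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        headers={
            "Authorization": "Bearer " + mgmt_token,
            "Content-Type": "application/json",
        },
    )


def patch_body(req):
    """Decode the JSON body of a request built above, for inspection."""
    return json.loads(req.data.decode("utf-8"))


# Constructed sample: an older native client without the refresh token grant.
SAMPLE_CLIENT = {
    "client_id": "EXAMPLE_CLIENT_ID",
    "app_type": "native",
    "grant_types": ["implicit", "authorization_code"],
}

if __name__ == "__main__":
    req = build_client_patch("example-tenant.auth0.com",
                             SAMPLE_CLIENT["client_id"],
                             "MGMT_API_TOKEN", SAMPLE_CLIENT)
    print(req.get_method(), req.full_url)
    print(json.dumps(patch_body(req), indent=2))
    # To apply the change for real: urllib.request.urlopen(req)
```

The Management API token used for this call needs the `update:clients` scope; issue it with only that scope and a short lifetime rather than reusing a broadly scoped token.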


#9