Grant type 'refresh_token' not allowed for the client.

engineering1 · July 17, 2017, 10:38pm

I’m new to Auth0 and have setup a native iOS client. However, when trying to renew access tokens with refresh tokens I get the following error:

“unauthorized_client” with description “Grant type ‘refresh_token’ not allowed for the client.”

I have already implemented openid and offline_access scopes. However, in client settings → Grant types, only Implicit and Authorisation code are available. There is no option for refresh_token to be allowed.

Am I doing something wrong?

phuna · July 18, 2017, 2:11pm

I’m having the same problem. If I created a new client with Native type then I can see Refresh Token grant type, but my app is created quite long time ago and now I don’t see Refresh Token grant type available for it.

jmangelo · July 18, 2017, 3:44pm

Based on the information you provided one possible explanation would be that the client application was not explicitly marked as being a first-party application which was then causing issues with the grant type configuration.

If you haven’t done so already can you ensure that the client application in question is flagged with "is_first_party": true (assuming this is indeed a first-party application). This flag is not surfaced in the Dashboard, but you can update the client application to include it by performing a PATCH client request through the Management API.

If the above does not prove to be the source of the issue please update the question with more information about the configuration of the client application.

jmangelo · July 18, 2017, 3:45pm

Can you check if the suggestion mentioned in my reply resolves the situation; if not, can you also provide additional information about the client.

phuna · July 18, 2017, 4:54pm

Yes it works, thanks @jmangelo

engineering1 · July 18, 2017, 5:04pm

Thanks @jmangelo. I was at an early stage in development so I ended up spawning a new client and that seemed to have the appropriate grant types available. Thank you though

triet.bui · July 24, 2017, 9:50am

@jmangelo and @engineering1 Can you give the link with helpful information about that PATCH request? Thanks.

engineering1 · July 25, 2017, 5:34am

Hey @triet.bui!
This link explains the process of performing a patch request by client ID: Auth0 Management API v2

If you look in the sample body you will see “grant-types”. If you update that to include refresh-token I believe this will work.

Topic		Replies	Views
Unable to enable the refresh_token legacy grant type Help auth0-configuration , refresh-tokens , grant-types	4	4628	March 2, 2018
Auth0 - Third party Application - Refreshing Token - access_denied error Help auth0 , refresh-tokens , authorization-code	2	3005	March 26, 2022
Error "Grant type 'http://auth0.com/oauth/legacy/grant-type/delegation/id_token' not allowed for the client" after saving settings Help lock-10 , delegation , tier1 , firebase	6	5533	March 2, 2018
Error: Grant type client_credentials not allowed for the client Help client-credentials-g	2	27124	March 2, 2018
Grant_types "password" not committing after "Patch" Help api	2	2736	June 6, 2020

Grant type 'refresh_token' not allowed for the client.

Related topics