Auth0 Home Blog Docs

How can I call the token endpoint in a native app that can't use a client secret?

refresh-tokens
token-endpoint

#1

Refreshing tokens is supposed to use the /oauth/token API.
However, client_secret is a REQUIRED parameter.

There is no client_secret in native app; how can I refresh tokens through this endpoint with a native app (iOS)?


#2

The client secret is required only for confidential clients (those who are able to securely maintain that secret). For public clients which is the case of a native application the client secret can be absent in the request as including it would be irrelevant as the native application could not maintain it as a secret.

If you correctly configured your client application as a native client in the Dashboard (Client Type) then the client secret won’t be required when performing request to the token endpoint.

The documentation you linked to does not clearly reflect this situation so I’ll make a request to update it with additional information in order to reduce confusion.


#3