Hello!
I have a Flutter app, and I want to implement a Passwordless SMS login without using Universal Login. I have been following the documentation in Embedded Passwordless Login in Native Applications.
So far, I was able to send an OTP to a phone number using the following:
POST https://example.auth0.com/passwordless/start
Body: {
  "client_id": "CLIENT_ID_HERE",
  "connection": "sms",
  "phone_number": "PHONE_NUMBER_HERE",
  "send": "code",
  "authParams": {
    "scope": "openid profile email"
  }
}
And authenticate the user with:
POST https://example.auth0.com/oauth/token
Body: {
  "grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp",
  "client_id": "CLIENT_ID_HERE",
  "username": "PHONE_NUMBER_HERE",
  "otp": "123456",
  "realm": "sms",
  "audience": "AUDIENCE_HERE",
  "scope": "openid profile email"
}
But the response I receive doesn’t include a refresh_token. I only get the following:
{
  "access_token": "eyJh...",
  "id_token": "eyJh...",
  "scope": "openid profile email",
  "expires_in": 86400,
  "token_type": "Bearer"
}
Also tried to include offline_access as a scope according to some of the topics that I’ve read, but it still won’t return the refresh_token.
Am I doing something wrong? Did I miss anything?
I must have looked through every topic with passwordless, refresh_token keywords here, but I got nothing so far.
Any input is appreciated, thank you! <3
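
An added example, not part of the original post and not Auth0's code: it rebuilds the `/oauth/token` body from the post with `offline_access` in the scope and compares the requested scope with the `scope` the server returns, which shows whether the scope was dropped before looking for `refresh_token`. The function names `build_token_request` and `diagnose_token_response` are hypothetical, and the sample response is constructed from the one quoted in the post.

```python
import json

OTP_GRANT = "http://auth0.com/oauth/grant-type/passwordless/otp"


def build_token_request(client_id, phone_number, otp, audience, scopes):
    """Body for POST /oauth/token, using the same fields as the post."""
    return {
        "grant_type": OTP_GRANT,
        "client_id": client_id,
        "username": phone_number,
        "otp": otp,
        "realm": "sms",
        "audience": audience,
        "scope": " ".join(scopes),
    }


def diagnose_token_response(request_body, response_body):
    """Return findings about scopes and refresh_token; never echoes token values."""
    requested = set(request_body.get("scope", "").split())
    # RFC 6749 section 5.1: a response without "scope" means the requested
    # scope was granted unchanged.
    granted = set(response_body.get("scope", request_body.get("scope", "")).split())
    findings = []
    if "offline_access" not in requested:
        findings.append("offline_access was not requested")
    elif "offline_access" not in granted:
        findings.append("offline_access was requested but not granted")
    if "refresh_token" not in response_body:
        findings.append("no refresh_token in response")
    return findings


# Constructed sample: the response shape quoted in the post (tokens truncated there).
SAMPLE_RESPONSE = json.loads("""{
  "access_token": "eyJh...", "id_token": "eyJh...",
  "scope": "openid profile email", "expires_in": 86400, "token_type": "Bearer"
}""")

if __name__ == "__main__":
    req = build_token_request("CLIENT_ID_HERE", "PHONE_NUMBER_HERE", "123456",
                              "AUDIENCE_HERE",
                              ["openid", "profile", "email", "offline_access"])
    for finding in diagnose_token_response(req, SAMPLE_RESPONSE):
        print(finding)
```

The findings contain only scope names and field presence, so they can be written to client logs without exposing token material.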