How to obtain provider's Refresh Token via .NET client library

Help
, ,
1

I’m trying to retrieve the refresh token for a given provider via the Auth0 Management API. Our intention is to store this for later use by non-interactive clients of that provider. I’ve identified this is possible with a raw HTTP request in .NET as follows:

using (var httpClient = new HttpClient())
{
    httpClient.DefaultRequestHeaders.Clear();
    httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {managementApiToken}");

    var response = await httpClient.GetStringAsync($"https://{domain}/api/v2/users/{userIdentifier}");

    var userProfile = JsonConvert.DeserializeObject<Auth0UserProfileResponse>(response);
    var identity = userProfile.identities.FirstOrDefault();
    var token = identity?.refresh_token ?? userProfile.app_metadata?.refresh_token;
    if (token == null)
    {
        throw new Exception("No refresh token found on user profile");
    }

    return new RefreshToken(token, identity?.provider);
}

Given an Auth0 user Identity along the lines of, e.g., google-oauth2|0123456789012347890, we can retrieve the refresh token from Google by inspecting the refresh_token element of the identity object returned from the Get Users by ID API. However, the same is not possible when using the Auth0 .NET Management API client library: the Refresh Token is not exposed as a property on Auth0.ManagementApi.Models.Identity. Is this a deliberate choice? If so, what is the recommended (and supported) way of retrieving a provider’s refresh token for a given user?

2

I don’t believe it was a deliberate choice and more like the static nature of .NET C# kicking in. I submitted a pull request to include the RefreshToken property to the Identity class which maps to the refresh_token property coming from the Management API.

Assuming my initial impression is correct and this was just missing and not a deliberate choice then the pull request should be accepted and this available in the next release of that package.

Have in mind that not all social providers will have an associated refresh token available; see the reference documentation for additional info on this.

3

That’s great, thanks so much @jmangelo! Fingers crossed for a swift merge-and-release :slight_smile: That documentation link was useful; I’ve shared it with my team and we’ll ponder the implications.

4

That’s great, thanks so much @jmangelo! Fingers crossed for a swift merge-and-release :slight_smile: That documentation link was useful; I’ve shared it with my team and we’ll ponder the implications.