Hi, I am trying to add authorization to our IFTTT-endpoint. I must give IFTTT a refresh token together with the first access token. The problem is that I am not able to change the request IFTTT makes and are therefore not able to add the offline_access scope. How can I still give a refresh token?
Unfortunately it’s not possible. IFTTT shouldn’t assume that without explicitly requesting a refresh token, it would automatically be returned.
The use of the ‘offline_access’ scope, as defined in OpenID.Core, is RECOMMENDED to give clients the capability to explicitly request a refresh token.
Note that the specs say
The use of Refresh Tokens is not exclusive to the offline_access use case. The Authorization Server MAY grant Refresh Tokens in other contexts that are beyond the scope of this specification.
however, Auth0 requires the offline_access scope in the request.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.