Auth0 Home Blog Docs

Include refresh token

Hi, I am trying to add authorization to our IFTTT-endpoint. I must give IFTTT a refresh token together with the first access token. The problem is that I am not able to change the request IFTTT makes and are therefore not able to add the offline_access scope. How can I still give a refresh token?

Unfortunately it’s not possible. IFTTT shouldn’t assume that without explicitly requesting a refresh token, it would automatically be returned.

https://tools.ietf.org/html/rfc7628

The use of the ‘offline_access’ scope, as defined in OpenID.Core, is RECOMMENDED to give clients the capability to explicitly request a refresh token.

Note that the specs say

The use of Refresh Tokens is not exclusive to the offline_access use case. The Authorization Server MAY grant Refresh Tokens in other contexts that are beyond the scope of this specification.

however, Auth0 requires the offline_access scope in the request.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.