Hello,
I’m trying to get a refresh_token in the passwordless flow. According to the documentation, I tried adding offline_access to scope in auth params and in other configurations. I also couldn’t find any answer that would help me get it properly.
When an authentication is performed with the offline_access scope included, it will return a Refresh Token that can be used to request a new user token, without forcing the user to perform authentication again.
My requests are as follows:
Generating otp:
curl --request POST --url 'https://redacted.eu.auth0.com/passwordless/start' --header 'content-type: application/json' --data '{"client_id": "redacted", "client_secret": "redacted", "connection": "sms", "phone_number": "+redacted ", "send": "code", "authParams":{"scope":"offline_access"}}'
Confirming otp:
curl --request POST --url 'https://redacted.eu.auth0.com/oauth/token' --header 'content-type: application/json' --data '{"client_id": "redacted", "client_secret": "redacted", "grant_type": "http://auth0.com/oauth/grant-type/passwordless/otp", "realm": "sms", "username": "+redacted", "otp": "8115"}'
Response doesn’t contain refresh_token:
{"access_token":"redacted","id_token":"redacted","scope":"openid profile email address phone","expires_in":86400,"token_type":"Bearer"}
What am I missing? I doubt that the Auth0 API is broken; rather, the documentation is unclear at this point, but correct me if I’m wrong.
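
Added example, not part of the original post and not Auth0 code: a small diagnostic that compares the scopes a client asked for with the `scope` field of a `/oauth/token` response and reports whether a `refresh_token` came back, without ever printing token values. The function name `diagnose_token_response` is hypothetical, and the sample body is the response quoted in the post above.

```python
import json

# Fields whose values are secrets and must never reach logs or tickets.
SECRET_FIELDS = ("access_token", "id_token", "refresh_token")


def diagnose_token_response(raw_body, requested_scope):
    """Compare a token response body with the scopes that were requested.

    Returns a dict that is safe to log: token values are replaced by lengths.
    """
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return {"ok": False, "problems": [f"response is not JSON: {exc.msg}"]}
    if not isinstance(body, dict):
        return {"ok": False, "problems": ["response is not a JSON object"]}
    if "error" in body:  # OAuth 2.0 error responses carry an "error" member
        return {"ok": False, "problems": [f"error response: {body['error']}"]}

    requested = set(requested_scope.split())
    granted = set(str(body.get("scope", "")).split())
    missing = sorted(requested - granted)
    has_refresh = bool(body.get("refresh_token"))

    problems = []
    if missing:
        problems.append("requested scopes not granted: " + " ".join(missing))
    if "offline_access" in requested and not has_refresh:
        problems.append("offline_access was requested but no refresh_token was returned")

    return {
        "ok": not problems,
        "granted_scope": sorted(granted),
        "missing_scope": missing,
        "has_refresh_token": has_refresh,
        # Report only the length of each token, never its value.
        "tokens": {k: f"<{len(str(body[k]))} chars>" for k in SECRET_FIELDS if k in body},
        "problems": problems,
    }


# Sample input: the response body quoted in the post (values already redacted).
SAMPLE = ('{"access_token":"redacted","id_token":"redacted",'
          '"scope":"openid profile email address phone",'
          '"expires_in":86400,"token_type":"Bearer"}')

if __name__ == "__main__":
    print(json.dumps(diagnose_token_response(SAMPLE, "offline_access"), indent=2))
```

Run against the quoted response, it reports `offline_access` as missing from the granted scope and no `refresh_token` present.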