Hello,
I am trying to build a feature to request an Auth0 token that includes a refresh token in the response. The idea is to have a native Auth0 application for mobile login, and then use the refresh token to get a new access token from the backend (Machine to Machine Auth0 app). However, I encountered the following error:
The client associated with this refresh token (ksOb6....98fn9IQJwvv7i) is different than the one sent in the request (GNtkD4.......hDEymRVNXmB9).
I understand that the refresh token should be requested under the same app.
My question is: How should the refresh token be used in this case? Is the only way to request a new access token for the mobile to perform the refresh token request on the same native app that was used for the initial authentication?
Or is it possible to get the refresh token from the access token? (I highly doubt it, since it could be reused if someone leaks the access token, and that means like having its password 100%.)
Thank you.