Missing id_token and refresh_token

I am attempting to login users on a Xamarin.Forms app and allow them to access the apps API and get their information. I am able to login by going to https://app-name.eu.auth0.com/authorize in a webview with the response type as code and then catching when the WebView tries to navigate to the redirect_uri and then extracting the code from the url it is trying to navigate to.

When using the code returned in the redirect_uri to get the tokens from https://app-name.eu.auth0.com/oauth/token all I get is the access_token, expires_in and token_type no id_token or refresh_token like shown in this guide: Execute an Authorization Code Grant Flow with PKCE.

Is there anything I might be missing?

This is the code for the rest request:

            RestClient client = new RestClient("https://APP-NAME.eu.auth0.com/oauth/token");
        RestRequest restRequest = new RestRequest(Method.POST);
        restRequest.AddHeader("content-type", "application/json");
        string json = "{\"grant_type\":\"authorization_code\"," +
            "\"client_id\": \"" + Settings.ClientId + "\"," +
            "\"code_verifier\": \"" + Verifier + "\"," +
            "\"code\": \"" + code + "\"," +
            "\"redirect_uri\": \"" + Settings.RedirectUrl + "\" }";

This is the Authorize URL that the webview goes to:

            + "audience=http://API-NAME.azurewebsites.net/&"
            + "scopes=offline_access openid&"
            + "response_type=code&"
            + "client_id=" + Settings.ClientId + "&"
            + "code_challenge=" + challenge + "&"
            + "code_challenge_method=S256&"
            + "redirect_uri=" + Settings.RedirectUrl
1 Like

As it has been more than a few months since this topic was opened, and there has been no reply or further information provided as to the existence of the issue, we are closing this topic. Please don’t hesitate to create a new topic if this issue is still present, we would be happy to work with you to help find a resolution.