Auth0 Home Blog Docs

Missing id_token and refresh_token


I am attempting to login users on a Xamarin.Forms app and allow them to access the apps API and get their information. I am able to login by going to in a webview with the response type as code and then catching when the WebView tries to navigate to the redirect_uri and then extracting the code from the url it is trying to navigate to.

When using the code returned in the redirect_uri to get the tokens from all I get is the access_token, expires_in and token_type no id_token or refresh_token like shown in this guide: Execute an Authorization Code Grant Flow with PKCE.

Is there anything I might be missing?

This is the code for the rest request:

            RestClient client = new RestClient("");
        RestRequest restRequest = new RestRequest(Method.POST);
        restRequest.AddHeader("content-type", "application/json");
        string json = "{\"grant_type\":\"authorization_code\"," +
            "\"client_id\": \"" + Settings.ClientId + "\"," +
            "\"code_verifier\": \"" + Verifier + "\"," +
            "\"code\": \"" + code + "\"," +
            "\"redirect_uri\": \"" + Settings.RedirectUrl + "\" }";

This is the Authorize URL that the webview goes to:

            + "audience="
            + "scopes=offline_access openid&"
            + "response_type=code&"
            + "client_id=" + Settings.ClientId + "&"
            + "code_challenge=" + challenge + "&"
            + "code_challenge_method=S256&"
            + "redirect_uri=" + Settings.RedirectUrl