I am attempting to log in users on a Xamarin.Forms app and allow them to access the app's API and get their information. I am able to log in by going to https://app-name.eu.auth0.com/authorize in a WebView with the response type as code, then catching when the WebView tries to navigate to the redirect_uri and extracting the code from the URL it is trying to navigate to.
When using the code returned in the redirect_uri to get the tokens from https://app-name.eu.auth0.com/oauth/token, all I get is the access_token, expires_in and token_type; no id_token or refresh_token as shown in this guide: Execute an Authorization Code Grant Flow with PKCE.
Is there anything I might be missing?
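This is the code for the REST request:
```csharp
// Token endpoint: exchanges the authorization code (plus the PKCE verifier) for tokens.
RestClient client = new RestClient("https://APP-NAME.eu.auth0.com/oauth/token");
RestRequest restRequest = new RestRequest(Method.POST);
restRequest.AddHeader("content-type", "application/json");
string json = "{\"grant_type\":\"authorization_code\"," +
    "\"client_id\": \"" + Settings.ClientId + "\"," +
    "\"code_verifier\": \"" + Verifier + "\"," +
    "\"code\": \"" + code + "\"," +
    "\"redirect_uri\": \"" + Settings.RedirectUrl + "\" }";
// Attach the JSON body and send the request.
restRequest.AddParameter("application/json", json, ParameterType.RequestBody);
IRestResponse response = client.Execute(restRequest);
```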
This is the Authorize URL that the WebView goes to:
```csharp
// Authorization request with the PKCE challenge derived from the verifier.
string authorizeUrl = "https://APP-NAME.eu.auth0.com/authorize?"
    + "audience=http://API-NAME.azurewebsites.net/&"
    + "scopes=offline_access openid&"
    + "response_type=code&"
    + "client_id=" + Settings.ClientId + "&"
    + "code_challenge=" + challenge + "&"
    + "code_challenge_method=S256&"
    + "redirect_uri=" + Settings.RedirectUrl;
```
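
As an added example (not part of the original post and not Auth0's code): the PKCE pieces the post refers to, generating the code_verifier, deriving the S256 code_challenge per RFC 7636, and assembling an /authorize URL with every value percent-encoded and the scope list under the RFC 6749 `scope` parameter. The class name `PkceExample`, the client ID placeholder and the `myapp://callback` redirect URI are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PkceExample  // hypothetical name, not from the post
{
    // Base64url without padding, as RFC 7636 requires for verifier and challenge.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 32 random bytes give a 43-character verifier, the RFC 7636 minimum length.
    public static string NewVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // S256: challenge = BASE64URL(SHA256(ASCII(verifier))).
    public static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    // Percent-encode each value so the space in the scope list and "://" in URLs survive.
    public static string AuthorizeUrl(string domain, string clientId, string redirectUri,
                                      string audience, string scope, string challenge)
    {
        var query = new[]
        {
            "response_type=code",
            "client_id=" + Uri.EscapeDataString(clientId),
            "redirect_uri=" + Uri.EscapeDataString(redirectUri),
            "audience=" + Uri.EscapeDataString(audience),
            "scope=" + Uri.EscapeDataString(scope),
            "code_challenge=" + challenge,
            "code_challenge_method=S256"
        };
        return "https://" + domain + "/authorize?" + string.Join("&", query);
    }

    public static void Main()
    {
        // Prints True: RFC 7636 Appendix B test vector.
        Console.WriteLine(Challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
                          == "E9Melhoa2OwvFrEMTJguCVTNc_6U_-M6FyiGA3rd9hM");
        string verifier = NewVerifier(); // keep it: sent later as code_verifier to /oauth/token
        Console.WriteLine(AuthorizeUrl("APP-NAME.eu.auth0.com", "CLIENT_ID_PLACEHOLDER",
            "myapp://callback", "http://API-NAME.azurewebsites.net/",
            "openid offline_access", Challenge(verifier))); // constructed sample values
    }
}
```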