Missing id_token when refreshing tokens?

dscotton · August 3, 2018, 9:54am

My client has the OIDC Conformant toggle enabled. I have implemented the authorization code flow in my application.

In my initial request to /authorize, I include the following query params:

audience=https://my.audience.com
response_type=code
scope=openid profile offline_access

My understanding is by providing audience I would like to retrieve an access_token. By providing openid I would like to retrieve an id_token. And by providing offline_access I would like to retrieve a refresh_token.

When I perform the code exchange on my callback endpoint after successful authentication, I do correctly get back a response from /oauth/token with the access_token, id_token and refresh_tokens that I require.

However, when I make a request to /oauth/token with a grant_type of refresh_token, I only ever get back an access_token, not an id_token.

There has been a similar thread posted last year where the solution was to make your application OIDC conformant by either enabling the toggle which I’ve done, or by providing ?audience in the initial /authorize request which I’ve also done.

Any ideas?

bruno.krebs · August 3, 2018, 9:37pm

Hi there, an educated guess is that you have to add id_token to response_type as well. Like this:

audience=https://my.audience.com
response_type=code id_token
scope=openid profile offline_access

If this does not solve your issue, let me know and I will help you investigate.

dscotton · August 5, 2018, 6:00pm

Unfortunately that doesn’t solve the problem.

Adding id_token alongside code for the response_type did give me an id_token JWT response with my authorization code (which was a bit unexpected) and I do get a refresh token when I perform the code exchange. However, performing a refresh token request just yields an access_token rather than a new id_token like before.

Here’s the refresh token docs that I’ve been referring to which shows an id_token in the response.

Anything else you think I could try?

konrad.sopala · August 19, 2019, 8:26am

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?

rcoop · November 8, 2022, 4:36pm

I am seeing this same problem- was there ever a resolution found?

Topic		Replies	Views
refreshToken missing from request.oidc Help oidc , refresh_token	3	3422	January 6, 2022
Not getting refresh tokens Help login-experience	2	266	April 4, 2024
Oauth/token not returning refresh token Help refresh-tokens	10	22842	August 29, 2023
Refresh_token grant type does not return a new refresh_token Help refresh-tokens , grant-types	2	4316	August 11, 2019
Refresh Token not in /oauth/token payload Help refresh_token	3	5070	June 13, 2020

Missing id_token when refreshing tokens?

Related Topics