Missing id_token when refreshing tokens?

dscotton · August 3, 2018, 9:54am

My client has the OIDC Conformant toggle enabled. I have implemented the authorization code flow in my application.

In my initial request to /authorize, I include the following query params:

audience=https://my.audience.com
response_type=code
scope=openid profile offline_access

My understanding is by providing audience I would like to retrieve an access_token. By providing openid I would like to retrieve an id_token. And by providing offline_access I would like to retrieve a refresh_token.

When I perform the code exchange on my callback endpoint after successful authentication, I do correctly get back a response from /oauth/token with the access_token, id_token and refresh_tokens that I require.

However, when I make a request to /oauth/token with a grant_type of refresh_token, I only ever get back an access_token, not an id_token.

There has been a similar thread posted last year where the solution was to make your application OIDC conformant by either enabling the toggle which I’ve done, or by providing ?audience in the initial /authorize request which I’ve also done.

Any ideas?

bruno.krebs · August 3, 2018, 9:37pm

Hi there, an educated guess is that you have to add id_token to response_type as well. Like this:

audience=https://my.audience.com
response_type=code id_token
scope=openid profile offline_access

If this does not solve your issue, let me know and I will help you investigate.

dscotton · August 5, 2018, 6:00pm

Unfortunately that doesn’t solve the problem.

Adding id_token alongside code for the response_type did give me an id_token JWT response with my authorization code (which was a bit unexpected) and I do get a refresh token when I perform the code exchange. However, performing a refresh token request just yields an access_token rather than a new id_token like before.

Here’s the refresh token docs that I’ve been referring to which shows an id_token in the response.

Anything else you think I could try?

konrad.sopala · August 19, 2019, 8:26am

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?

rcoop · November 8, 2022, 4:36pm

I am seeing this same problem- was there ever a resolution found?

Topic		Replies	Views
Missing ID token when refreshing token Help id_token , oidc , refresh_token	1	4080	October 12, 2019
Anyone? Refreshing tokens: id_token missing in refresh_token response? Help oauth , access-token , refresh_token	3	8041	March 2, 2018
Get an access token from an id token Help oidc-conformant	4	3621	September 3, 2019
/oauth/token not returning id_token Help token , id_token	3	12568	March 2, 2018
How to renew id_token based on a refresh token? Help id_token , refresh-tokens	3	12373	March 2, 2018

Missing id_token when refreshing tokens?

Related Topics