No refresh token when using Passwordless/OTP grant through SMS

smatic · November 3, 2020, 9:54am

Hi!

I’m trying to setup the passwordless/otp flow for my react native app and everything works except for the refresh tokens which are not included in the response from Auth0 API.

These are the exact requests:

POST: https://{AUTH0_DOMAIN}/passwordless/start
{
  "client_id": "My Id",
  "connection": "sms",
  "phone_number": "+46XXXXXXXX", 
  "send": "code", 
  "authParams": { 
    "scope": "openid profile email offline_access"
  }
}

POST: https://{AUTH0_DOMAIN}/oauth/token
{
  "grant_type" : "http://auth0.com/oauth/grant-type/passwordless/otp",
  "client_id": "My Id",
  "username":"+46XXXXXXXX", 
  "otp": "XXXX",
  "realm": "sms", 
  "audience" : "https://{OUR_DOMAIN}.se",
  "scope": "openid profile email offline_access" 
}

Does anyone know how to include the refresh token in the response? I’m currently getting the following response:

{
"access_token": "eyJhbGciOiJSUzI...",
"id_token": "eyJhbGciOiJSUzI...",
"scope": "openid profile email",
"expires_in": 86400,
"token_type": "Bearer"
}

facundo1 · January 12, 2021, 1:14am

I am dealing with the same issue, do we have a way to implement passwordless sms/email otp codes and refresh tokens? If found that some posts that said that is possible and other that says it is not possible.

If is possible please tell us how we can achieve it. If not, is there a way to implement similar passwordless feature without having the users to login every single day?

trevorallred · November 14, 2021, 12:11am

Is there any update here? After implementing passwordless auth, I’m realizing users must login with SMS every day. This isn’t going to work. Are there options to keep users signed in for 30 days?

trevorallred · November 14, 2021, 12:39am

This post helped me finally get a refresh token when using SMS OTP.

Ank · January 23, 2022, 1:35pm

Hi ,

I have been trying to get Passwordless work using SMS OTP (Using Twilio for the same). This is my request…

https://xxx.us.auth0.com/passwordless/start

{
“client_id”: “xxxxxxxxxxxxx”,
“connection”: “sms”,
“phone_number”: “+91961…”, //set for connection=sms
“send”: “code” //if left null defaults to link
}

This gives back a 400 bad request. I have looked at the documentation and this seems to be good. Anyone has faced this kind of issue before??

Samo · July 31, 2023, 6:44am

what post helped you?

Topic		Replies	Views
How to get `refresh_token` for embedded passwordless auth in a native app Help api , passwordless , login , embedded-login , passwordless-sms	4	4582	May 27, 2021
Issue retrieving refresh token in passwordless otp grant type Help	5	3587	January 28, 2020
Unable to retrieve a refresh token using the passwordless link method Help auth0 , passwordless , refresh-tokens , react-native , magic-link	6	5804	October 25, 2021
Access token and refresh token flow with react-native-auth0 Help react-native-auth0 , sdks-quickstarts	1	1023	April 20, 2024
Refresh Token returns null for Passwordless OTP email flow on SPA Help sessions , rotating-refresh-tokens	2	25	September 4, 2024

No refresh token when using Passwordless/OTP grant through SMS

Related Topics