I have a native app in Auth0, using the PKCE flow. When I call
Auth0.authorize() from my Ionic app, using Auth0.js, I’m getting an access token and an ID token, but no refresh token.
I am passing the
offline_access scope to
Auth0.authorize() (as well as
openid profile). The API I’m using has “Allow Offline Access” enabled. I have no rules defined.
The app in Auth0 has the following grants enabled in the advanced settings: Implicit, Authorization Code, Refresh Token.
In my config for Auth0 in my client app, I’m setting:
..., audience: 'xxxxxxxxx', /* My API identifier */ responseType: 'token id_token'
My redirect callback is receiving hash params like:
access_token=xxxxx&scope=openid%20profile%20offline_access&expires_in=7200&token_type=Bearer&state=xxx&id_token=xxxxx but no refresh_token.
What am I missing?