I am sending a request to /oauth/token with
grant_type password
clientid (client has refresh token password grant)
username
password
scope openid email offline_access
audience (api allows offline access)
I get back
access_token
id_token
scope openid email
Can anyone thing of something I am missing. I would expect a refresh token to be returned as well.
Thanks!
According to the doc:
To refresh your token, using the
refresh_tokenyou already got during authorization, make a POST request to the/oauth/tokenendpoint in the Authentication API, usinggrant_type=refresh_token
Agreed and I believe I have configured everything properly however the oauth/token endpoint doesn’t return a refresh_token. I do notice the scope is being returned without the offline_access so it is being stripped out for some reason I believe. The client has the grant for offline_access and the api has the feature turned on.
Request
According to the documentation, order to get the refresh token the grant_type should be refresh_token but in the Postman query above you’re using password
It ended up being a rule that was stripping the offline_access scope on the original /token call. My fault. Thanks for the help! Moral of the story, if you are getting interesting behavior check your rules!
The forum wouldn’t let me post twice in a row so sorry you wasted your time.
