Auth0 Home Blog Docs

/oauth/access_token obtain refresh_token? (mobile app)

social-connections
oauth
custom-login
refresh-tokens

#1

I’m using Facebook SDK in my React-Native mobile app and I manage to get a token that I exchange with Auth0 on /oauth/access_token to retrieve an id_token that I can use as jwt to authenticate with my API.

The problem: that endpoint doesn’t return a refresh_token which is vital for a mobile app in order to not ask the user to authenticate every time.

How can I obtain an Auth0 refresh_token in order to not have the user to login every single day to Facebook and to the entire process again?

Unfortunately I can’t use Auth0 Lock for the login UI because the React-Native version doesn’t support custom UI at the moment.


#2

@jmangelo Thanks for your answer, but when I’m talking about re-authentication I’m not speaking about Facebook but Auth0, which is the token that ultimately you use to authenticate calls to your APIs.

That said this is possible but not on the documentation, you just need to ask for offline_access scope on that endpoint.
POST https://${AUTH0_URL}/oauth/access_token

{
    client_id: CLIENT_ID,
    access_token: FBToken,
    connection: 'facebook',
    scope: 'openid profile email offline_access',
    device: 'mobile phone',
}

#3

Cool, I was not aware of that possibility for that specific endpoint. Thanks for following up and providing a solution to your original problem. I’ll remove my incorrect answer.


#4