I’ve been trying to implement the Passwordless Authentication flow, but have found that I only receive an access_token, and not a refresh_token.
I’ve looked at a few posts recommended in these posts:
I have a mobile app that implements passwordless authentication for users, I’m able to get an access token, however, I’m unable to get a refresh token.
I’m sending a POST request to the /ouath/token endpoint, and passing offline_access to the scope.
I am struggling with Auth0 apis since 48 hours (due to partially outdated, misleading documentation, imho).
I am able to request a mail link with the passwordless/start endpoint. I use a deep-link callback to get the accessToken once the user clicks on the email.
I have no problem to retrieve the JWT access token, but I cannot get a Refresh Token. And since the maximum timespan for tokens is 24 hours (86400), how can I renew the token without sending a new mail to the user?
But I am wondering if it’s possible to use your own UI (Auth0-js) and retrieve refresh_tokens with the magic-link passwordless flow?
Also, from those posts and linked articles, I could not find any specifics about what needs to be implemented to get a refresh_token.
In my particular use-case, I am looking to get the refresh_token in the hash string of the redirect_uri, same way we get the access_token currently
Thanks in advance!