Hi.
Using the PHP SDK, within an M2M application, I am using an authentication client to log in newly created users from within some CMS. I am basically creating them using the same login and password on Auth0, then logging them in.
The password grant type/password flow is enabled on the app/client, as well as the refresh token flow. The app itself has access to the management api for all actions related to users and users_app_metadata.
The app is reported as OIDC-compliant, and rules don’t appear to be interfering with the authentication flow.
The login request is issued as follows:
    public function login_user(string $email, string $password)
    {
        return $this->_run_op(function ($arg) {
            return $this->authentication_client->login(
                $arg['username'],
                $arg['password'],
                $this->realm,
                ['scope' => 'openid profile email offline_access', 'audience' => $this->audience],
            );
        }, ['username' => $email, 'password' => $password]);
    }
This works fine on another tenant, but it doesn’t return a refresh token at all on this one. There isn’t anything amiss in the logs. Only reports of successful exchanges.
Please advise.