Php-sdk: no refresh token in auth payload


Using the php sdk, within a M2M application, I am using an authentication client to login newly created users from within some CMS. I am basically creating them using the same login and password on auth0, then logging them in.

The password grant type/password flow is enabled on the app/client, as well as the refresh token flow. The app itself has access to the management api for all actions related to users and users_app_metadata.

The app is reported as OIDC-compliant, and rules don’t appear to be interfering with the authentication flow.

The login request is issued as follows:

  public function login_user(string $email, string $password)
    return $this->_run_op(function ($arg) {
      return $this->authentication_client->login(
        ['scope' => 'openid profile email offline_access', 'audience' => $this->audience],
    }, ['username' => $email, 'password' => $password]);

This works fine on another tenant, but it doesn’t return a refresh token at all on this one. There isn’t anything amiss in the logs. Only reports of successful exchanges.

Please advise.

Solved. Offline access was simply disabled on the companion API.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.