Refresh token call fails with 401 in React Native app

In my React Native app (init app, not Expo) I'm trying to refresh the access_token, but my POST call is failing with 401. I'm testing this functionality, so I make the POST call some 30 seconds after I log in; not sure if this plays a role or not.

In my initial login, I do get a refresh_token along with a valid access_token. I then tell my app to wait 30 seconds and make a POST call that looks like this:

const url = 'https://mydomain.auth0.com/oauth/token';
const postOptions = {
   method: 'POST',
   url: url,
   headers: {
      "content-type": 'application/x-www-form-urlencoded'
   },
   form: {
      grant_type: 'refresh_token',
      client_id: 'MY_CLIENT_ID',
      refresh_token: 'REFRESH_TOKEN_RECEIVED_DURING_LOG_IN'
   }
};

fetch(url, postOptions)
   .then((response) => {
       debugger;
       // this is where I get response.status 401
   })

Any idea what the issue is here?

Also want to mention that under my application settings, Refresh Token is checked under “Grant Types” but refresh token rotation or expiration are NOT enabled.

P.S. Also posted my question on StackOverflow. You can respond there if you prefer:

Hi @imsam67,

Just to clarify, are you using the React Native SDK? Auth0 React Native SDK Quickstarts: Login

Also, to help troubleshoot, when you look at your tenant logs, do you see an error for the failed token refresh request? There might be helpful information in the log.

Stephanie,

I was able to get it to work using the library – react-native-auth0. All your documentation is pointing to a regular POST call though and there’s no mention of using the library. I had to do a lot of digging to figure out how to use the refreshToken() method in the library. I strongly suggest you guys address this in your documentation.

As a future reference for those who may need this solution, here’s what I did.

The react-native-auth0 library offers a refreshToken method that is used like below. The only parameter it needs is the current refresh_token that you got when you made the initial authentication call for the user. It’s important to mention that in the initial authentication call, you must include offline_access in the scope. Otherwise you won’t get a refresh token. Another important point is to save that refresh token in a safe place – and not just AsyncStorage – because unless you set it otherwise, your refresh token doesn’t expire and can be used again and again.

With that said, here’s what my refresh token call looks like. At start up, I initialize my Auth0 instance as a global variable so that I can access it in different parts of my app.

global.auth0.auth.refreshToken({ refreshToken: 'MY_CURRENT_REFRESH_TOKEN' })
   .then(result => {
       // If you're doing it right, you'll receive a new access_token and an id_token
   })

Here’s a slightly more detailed version of my solution:


Thank you for the docs feedback and for sharing the solution, @imsam67!
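For readers who want the raw POST from the question rather than the SDK call, here is an added example (not part of the original posts and not Auth0's own code). `fetch()` has no `form` or `url` option, so the grant parameters have to go in a URL-encoded `body`; the function names, the injectable `fetchImpl` and all domain, client ID and token values are assumptions made for illustration.

```javascript
// Added example: refresh-token grant sent with fetch(). Domain, client id and
// token values are placeholders; fetchImpl is injectable so this runs offline.
function buildRefreshRequest(domain, clientId, refreshToken) {
  const params = {
    grant_type: 'refresh_token',
    client_id: clientId,
    refresh_token: refreshToken,
  };
  // fetch() only transmits what is in `body`, so form-encode the parameters.
  // encodeURIComponent keeps '+', '/' and '=' in a token from being mangled.
  const body = Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
  return {
    url: `https://${domain}/oauth/token`,
    options: {
      method: 'POST',
      headers: { 'content-type': 'application/x-www-form-urlencoded' },
      body,
    },
  };
}

async function refreshAccessToken(domain, clientId, refreshToken, fetchImpl = fetch) {
  const { url, options } = buildRefreshRequest(domain, clientId, refreshToken);
  const response = await fetchImpl(url, options);
  // An error response may not carry JSON; fall back to an empty object.
  const payload = await response.json().catch(() => ({}));
  if (!response.ok) {
    // Surface status and error code only; never log the refresh token itself.
    const err = new Error(
      `token refresh failed: ${response.status} ${payload.error || ''}`.trim()
    );
    err.status = response.status;
    throw err;
  }
  return payload; // expected to contain the new access_token
}
```

The refresh token passed in should come from the device's secure storage rather than AsyncStorage, as the reply above points out.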
