I’m building a project using Cordova and have successfully gotten a refresh token this morning but I’m now currently unable to get a refresh token in my app. I’m now getting the following error from the logs: “The scope ‘offline_access’ was requested, but no ‘refresh_token’ was issued because the authorization code exchange originated from a browser”
I’ve reverted to some code I had this morning that when I was able to successfully get a refresh token but still no luck.
I’m not sure what has changed, either code or Auth0 settings in my system.
I’m building a ReactJS app packaged with Cordova and using @auth0/cordova to do authentication with your service. The weirdest thing was that it was giving me refresh tokens for a couple of hours then suddenly stopped. I looked through the logs and can see them working, and then when they stopped I was receiving this error.
As a work around for now I’ve started calling authorize end point again with prompt set to “none” and that seems to be working for me right now, though I’m not sure this correct way to do what I’m looking for.
It is possible to get a refresh token is a SPA, but you would have to have misconfigured your app in the dashboard. If you were changing settings then that could explain why you were able to get one. It is hard to say why without any detailed information.
The prompt=none call is requesting a silent authentication, and that is the recommended flow for a SPA. I would suggest taking a look at our React quickstart if you are interested in best practices.
This doesn’t sound like a solution. Why would the tenant suddenly start throwing that warning and not providing a refresh token when all your documentation and all tenants before last week in fact work that way?
It’s hard to say without confirmation, but it sounds like they had the mobile app misconfigured as a SPA, which would explain why they were unable to get a refresh token.
Can you explain to me how I may have misconfigured my app as a SPA vs a mobile app? We are using the Cordova SDK provided by Auth0 and have followed the steps outlined in the quick start guide and have turned on Allow Offline Access on our API.