Refresh_token missing

Hi,

I am using the authorization code grant flow with PKCE. I am adding the offline_access scope during the authorize request.

My application has the authorization code and refresh token grant and my API has the “allow offline access” enabled.

I am missing the refresh_token in my response after calling “oauth/token”.

Did I forget to turn on some setting?

2 Likes

Hi @michal.shapeshift3d,

Welcome to the Community!

Are you getting a warning in your logs about it?

Also could you tell about your application?

Let me know,
Dan

Hi @dan.woda

I have setup a single page application in auth0 dashboard.

I got this warrning : “The scope ‘offline_access’ was requested, but no ‘refresh_token’ was issued because the authorization code exchange originated from a browser”,"

Are you using the SPA sdk? Have you configured it to use refresh tokens? Like this:

Hi,

I wasn’t using the sdk. I was following the pkce tutorial Call Your API Using the Authorization Code Flow with PKCE

this morning, I tried using the auth0 single page app sdk and I’m getting the same result.

I added ’ useRefreshTokens: true and i’m still getting the following error in the log : “description”: “The scope ‘offline_access’ was requested, but no ‘refresh_token’ was issued because the authorization code exchange originated from a browser”,

Have you configured refresh token rotation like this doc describes?

1 Like

hi,

with rotating enabled, it’s now working ! thanks

1 Like

Awesome! Thanks for following up!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.