Hi,
I am using the authorization code grant flow with PKCE. I am adding the offline_access
scope during the authorize request.
My application has the authorization code and refresh token grant and my API has the “allow offline access” enabled.
I am missing the refresh_token in my response after calling “oauth/token”.
Did I forget to turn on some setting?
2 Likes
Hi @michal.shapeshift3d,
Welcome to the Community!
Are you getting a warning in your logs about it?
Also could you tell about your application?
Let me know,
Dan
Hi @dan.woda
I have setup a single page application in auth0 dashboard.
I got this warrning : “The scope ‘offline_access’ was requested, but no ‘refresh_token’ was issued because the authorization code exchange originated from a browser”,"
Are you using the SPA sdk? Have you configured it to use refresh tokens? Like this:
Hi,
I wasn’t using the sdk. I was following the pkce tutorial Call Your API Using the Authorization Code Flow with PKCE
this morning, I tried using the auth0 single page app sdk and I’m getting the same result.
I added ’ useRefreshTokens: true and i’m still getting the following error in the log : “description”: “The scope ‘offline_access’ was requested, but no ‘refresh_token’ was issued because the authorization code exchange originated from a browser”,
Have you configured refresh token rotation like this doc describes?
1 Like
hi,
with rotating enabled, it’s now working ! thanks
1 Like
Awesome! Thanks for following up!
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.