We are building Zapier to our service integration and have enabled OAuth2 on the Zapier side. When asking for tokens we do pass scope: 'offline_access'. The Zapier receives access_token and refresh_token after the user logs in. The access_token is working - the “zaps” pass it to our API and we can call methods like GET https://<our domain>.auth0.com/userinfo with Authorization: Bearer <access_token> which returns user info.
curl --request GET \
--url https://<our domain>.auth0.com/userinfo \
--header 'authorization: Bearer <access token>' \
--header 'content-type: application/json'
{
"email": "...",
"name": "Gleb Bahmutov",
...
But the access tokens expire, so we need to refresh them. We are making a call like this one
curl --request POST \
--url https://<our domain>.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{
"grant_type": "refresh_token",
"client_id": "<our client id>",
"client_secret": "<our secret>",
"refresh_token": "<refresh token we received earlier>"
}'
This responds with an object with new token, looks something like this
{
"access_token": "jDUIy...",
"expires_in": 86400,
"token_type": "Bearer"
}
We are grabbing this new access token and try fetching the user information again using GET https://<our domain>.auth0.com/userinfo just like before, but with new token. What we get back from Auth0 API is puzzling: it is status code 200 and response {} (empty object). I do not see anything related in the Auth0 logs so the source of the empty object is very puzzling. We would love to have this issue resolved to finish our integration, that’s the only blocking step.
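
One way to make the failure described above visible inside an integration, as an added example that is not part of the original post: it treats a 200 from /userinfo with no claims as a failed identity lookup, and lists which token-response fields were not echoed after the refresh grant. The function names are hypothetical, the sample responses are constructed, and the `scope` field in the login response is an assumption because the post does not show that response.

```python
import json

# Constructed samples shaped like the responses in the post; all values are placeholders.
# The "scope" field in LOGIN_TOKENS is an assumption: the post does not show that response.
LOGIN_TOKENS = {"access_token": "placeholder-1", "refresh_token": "placeholder-r",
                "scope": "offline_access", "expires_in": 86400, "token_type": "Bearer"}
REFRESHED_TOKENS = {"access_token": "placeholder-2", "expires_in": 86400,
                    "token_type": "Bearer"}


def fields_not_echoed(login, refreshed):
    """Fields the login response carried that the refresh response did not."""
    return sorted(set(login) - set(refreshed))


def classify_userinfo(status, body):
    """Classify a /userinfo reply; HTTP 200 alone does not prove a user was resolved.

    OpenID Connect Core 5.3.2 requires the `sub` claim in a successful response.
    """
    if status != 200:
        return "http-error"
    try:
        claims = json.loads(body)
    except (TypeError, ValueError):
        return "not-json"
    if not isinstance(claims, dict) or not claims:
        return "empty-claims"
    if not claims.get("sub"):
        return "missing-sub"
    return "ok"


def refresh_check(login, refreshed, status, body):
    """Combine both checks into one record that is safe to log (no token values)."""
    verdict = classify_userinfo(status, body)
    return {
        "userinfo": verdict,
        "usable": verdict == "ok",
        "not_echoed_after_refresh": fields_not_echoed(login, refreshed),
    }


if __name__ == "__main__":
    # First call: constructed profile for the login token; second: the `{}` reply from the post.
    print(refresh_check(LOGIN_TOKENS, LOGIN_TOKENS, 200, '{"sub": "auth0|placeholder", "name": "Example"}'))
    print(refresh_check(LOGIN_TOKENS, REFRESHED_TOKENS, 200, "{}"))
```

A field missing from the refresh response is not an error by itself; the record only shows what to compare between the two grants.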