refreshToken missing from request.oidc

I’ve created a Regular Web Application for an Express-NodeJS application using express-openid-connect. The config for auth is like this:

"authConfig": {
    "authorizationParams": {
      "response_type": "code",
      "audience": "**audience**",
      "scope": "openid profile email offline_access"
    "authRequired": false,
    "auth0Logout": true,
    "baseURL": "**baseURL**",
    "clientID": "**client_id**",
    "clientSecret": "**client_secret**,
    "issuerBaseURL": "**issuer_base_url**",
    "secret": "**secret**",
    "idpLogout": true

For endpoints protected requiresAuth, the request.oidc property contains accessToken, but the refreshToken is always undefined.
The application on Auth0 portal is also configured to use refreshTokens.When the accessToken expires, and refresh function in the accessToken is invoked, an error stating “refresh_token is missing from the TokenSet” is shown.
Could you guys please guide me if I’m doing anything wrong here?

Hi @Ashish_Dwivedi,

Thanks for reaching out to the Auth0 Community!

After inspecting your authConfig, everything appears to be correct.

In this case, could you please check your API settings and see if you are yet to enable the Allow Offline Access toggle?

After doing so, you can obtain the refresh token in the response.

Please let me know how this goes for you.

Thank you.

1 Like

Hi Rueben, thanks for your answer. This indeed was the missing link.
To put in simpler terms here, I enabled offline access for the API that is specified as the audience in the configuration of the express-openid-connect auth.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.