We’ve noticed users of our production environment getting a “Grant type grant_type not allowed for the client.” error. This happens when our client side web application needs to use the refresh_token to get a new id_token.
After analysing this we think that our clients didn’t get the grant_types populated with all Auth0 legacy grant types. From the Web UI it’s impossible to configure this, the option “Legacy: Delegation Refresh Token” simply isn’t there. We’ve been able to use the Auth0 Management API to add the http://auth0.com/oauth/legacy/grant-type/delegation/refresh_token grant. After doing this however the Web UI still doesn’t show this option, and worse: making a change to the settings removes the grant.
Could you please investigate if and where this went wrong, and make us able to enable or disable this grant type using the Web UI.
In relation to the issue itself, I have seen a similar situation happening when the client application in question was not explicitly identified as a first-party client. This is something that is not yet surfaced in the Dashboard, but if the client application in question is a first-party client (it’s developed by you, the same owner as the Auth0 account) then you may want to consider doing a PATCH request to the Management API in order to update that client application to explicitly state that it is a first-party client.
The PATCH request would contain the following payload:
{ "is_first_party": true }
If my guess is correct this would resolve your situation and the Dashboard would now show the missing legacy grants and it would also mean that you could update the settings without side-effects.
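One way to carry out the answer above end to end, as an added example that is not part of the original thread or of Auth0's own tooling: read the client through the Management API v2, check both the is_first_party flag and whether the legacy delegation refresh-token grant is present, and send a single PATCH that sets the flag and, because PATCH replaces the whole grant_types array, resends the full grant list with the legacy grant appended. Assumptions not taken from the page: the tenant domain and client_id come from the command line, the Management API token sits in the AUTH0_MGMT_TOKEN environment variable and carries only the read:clients and update:clients scopes, and the sample client record used for the offline check is constructed here.

```python
"""Mark an Auth0 client as first-party and make sure the legacy delegation
refresh-token grant is part of its grant_types, via the Management API v2.

Added example, not code from the thread. Assumptions (not from the page):
AUTH0_MGMT_TOKEN holds a Management API token scoped to read:clients and
update:clients only; domain and client_id are passed as argv[1] and argv[2].
"""
import json
import os
import sys
import urllib.request

# Grant identifier as quoted in the question.
LEGACY_DELEGATION_REFRESH = (
    "http://auth0.com/oauth/legacy/grant-type/delegation/refresh_token"
)

# Constructed sample of what GET /api/v2/clients/{id} returns for a client
# that shows the symptom: not flagged first-party, legacy grant missing.
SAMPLE_CLIENT = {
    "client_id": "exampleClientId",
    "name": "Example SPA",
    "app_type": "spa",
    "is_first_party": False,
    "grant_types": ["authorization_code", "implicit", "refresh_token"],
}


def build_patch(client):
    """Return the minimal PATCH body for a client record.

    Only the fields that actually need to change are included, so an empty
    dict means the client already looks correct and no request is needed.
    """
    body = {}
    if not client.get("is_first_party", False):
        body["is_first_party"] = True
    grants = list(client.get("grant_types") or [])
    if LEGACY_DELEGATION_REFRESH not in grants:
        # PATCH replaces the whole grant_types array, so send the complete
        # existing list plus the legacy grant, never the one grant alone.
        body["grant_types"] = grants + [LEGACY_DELEGATION_REFRESH]
    return body


def management_request(domain, token, method, path, body=None):
    """One call to the Management API v2; returns the decoded JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        f"https://{domain}/api/v2{path}",
        data=data,
        method=method,
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def fix_client(domain, token, client_id):
    """GET the client, PATCH it only if something is missing, return the
    client record as the API last reported it."""
    client = management_request(domain, token, "GET", f"/clients/{client_id}")
    body = build_patch(client)
    if not body:
        return client
    return management_request(domain, token, "PATCH", f"/clients/{client_id}", body)


if __name__ == "__main__":
    if len(sys.argv) != 3 or "AUTH0_MGMT_TOKEN" not in os.environ:
        print("usage: AUTH0_MGMT_TOKEN=... fix_client.py <tenant-domain> <client_id>")
        sys.exit(2)
    updated = fix_client(sys.argv[1], os.environ["AUTH0_MGMT_TOKEN"], sys.argv[2])
    print(json.dumps({k: updated.get(k) for k in ("client_id", "is_first_party", "grant_types")}, indent=2))
```

Run it only against clients you own: flagging a client as first-party and granting it the legacy delegation grant widens what that client may do with a refresh_token, which is exactly why the answer ties the fix to first-party applications. Re-running the script is safe, since build_patch returns an empty body once the flag and the grant are both present.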
Awesome! That indeed does the trick, thanks a lot