I’m following the instructions here to get a refresh token from the API, but I’m only getting an access token in the response:

First I call: https://DOMAIN.auth0.com/authorize?audience=AUDIENCE&scope=offline_access&response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI

I grab the code from the response URL and post to:

curl -XPOST ‘https://DOMAIN.auth0.com/oauth/token’ --header ‘content-type: application/x-www-form-urlencoded’ --data ‘grant_type=authorization_code’ --data ‘client_id=CLIENT_ID’ --data ‘client_secret=CLIENT_SECRET’ --data ‘code=CODE’ --data ‘redirect_uri=REDIRECT_URI’

This returns:

{“access_token”:“TOKEN”,“expires_in”:86400,“token_type”:“Bearer”}

But no Refresh Token. Not sure what I’m doing wrong.

Hi @kellan have you double checked for the restrictions listed here https://auth0.com/docs/tokens/refresh-token/current#restrictions-on-refresh-token-usage especially the one about allowing offline_access via API settings (API identified by the audience in your first request)

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.