kellan
#1
I’m following the instructions here to get a refresh token from the API, but I’m only getting an access token in the response:
First I call: https://DOMAIN.auth0.com/authorize?audience=AUDIENCE&scope=offline_access&response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI
I grab the code from the response URL and post to:
curl -XPOST ‘https://DOMAIN.auth0.com/oauth/token’ --header ‘content-type: application/x-www-form-urlencoded’ --data ‘grant_type=authorization_code’ --data ‘client_id=CLIENT_ID’ --data ‘client_secret=CLIENT_SECRET’ --data ‘code=CODE’ --data ‘redirect_uri=REDIRECT_URI’
This returns:
{“access_token”:“TOKEN”,“expires_in”:86400,“token_type”:“Bearer”}
But no Refresh Token. Not sure what I’m doing wrong.
1 Like
ashish
#2
Hi @kellan have you double checked for the restrictions listed here https://auth0.com/docs/tokens/refresh-token/current#restrictions-on-refresh-token-usage especially the one about allowing offline_access
via API settings (API identified by the audience
in your first request)
2 Likes
system
closed
#3
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.