Unable to obtain refresh token from social login with native API

kenneth · June 8, 2021, 6:00pm

I am unable to obtain refresh token after logging in via social connections, even if offline_access scope is included. The refresh_token grant type is enabled in application settings. I am having this issue with both the Android SDK and the iOS SDK.

A snippet of the code I am using to trigger social login:

WebAuthProvider.login(account)
            .withScope("openid profile email offline_access")
            .withConnection("google-oauth2")
            .withAudience("myaudience")
            .start(context, callback)

Any help is much appreciated!

dan.woda · June 8, 2021, 8:20pm

Hi @kenneth,

Welcome to the Community!

Have you enabled refresh tokens (offline access) in your API settings?

kenneth · June 8, 2021, 8:58pm

Hello Dan, the only API i have is the management API which I cannot change. I don’t need to call any API actually, I just need the access token and refresh token for authentication purpose.

dan.woda · June 8, 2021, 9:18pm

Thanks for the added info. It may be because you are sending an audience param with your request. You can omit that param if you aren’t requesting an access token for an API.

kenneth · June 8, 2021, 9:32pm

I tried doing that and it still wouldn’t return a refresh token (and an id token for that matter), it seems like it’s doing an implicit flow because when i tried to exclude implicit_flow from the list of grant types i get an error page indicating that implicit_flow isn’t enabled, even though afaik both native SDKs use PKCE flow. i know that using implicit grant i will not receive a refresh token, but i can’t figure out a way to use PKCE instead of implicit grant.

kenneth · June 9, 2021, 1:23pm

Any help from anyone? I still cannot figure out what the issue is.

kenneth · June 9, 2021, 1:47pm

It’s finally working on Android for some reason, but it’s still not working on iOS.

dan.woda · June 9, 2021, 3:42pm

It shouldn’t be using the implicit flow.

Can you post a code snippet of your Auth0 iOS implementation?

kenneth · June 9, 2021, 3:51pm

Actually, after some more tweaking, I managed to get it working:

Auth0
      .webAuth()
      .scope("openid email profile offline_access")
      .connection("google-oauth2")
      .start()

It is probably because of the audience parameter that i originally put in. Thank you dan!

dan.woda · June 9, 2021, 3:52pm

Great news! Thanks for posting an update. Let us know if you run into anything else.

system · June 24, 2021, 3:52pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.