Unable to Set Device Name Refresh Token

cbrown · November 7, 2017, 2:06am

Previously using the Auth0 Lock library we were able to generate refresh tokens by setting the following parameters:

    scope: 'openid offline_access profile',
    audience: 'audience',
    device: "my-device"
}```

However, the `device` parameter is no longer respected. Instead it appears as though the `user-agent` header is used to determine what the device name is used for generating refresh tokens. Is it still possible to generate a refresh token in this manner? What is the best way to be able to set the name so that users can track their refresh tokens and delete unused or cycle them out as they need to for security purposes.

jmangelo · December 13, 2017, 7:39pm

See this answer to a related question for additional information, but the summary is that as you said the device functionality is associated with legacy endpoints and you should not try to leverage it if you’re not using legacy endpoints. In other words, although the user agent is currently reflected as the device you should take a dependency on this as there’s no documented notion of device in non-legacy endpoints.

Topic		Replies	Views
Device name for Resource Owner Password flow (Java) Help refresh_token , resource-owner-passw	3	4314	March 2, 2018
Device Auth Flow: How to add a device name? Help management-api , device-credentials	0	972	June 30, 2023
Unable to get refresh token from the device code authorization flow Help auth0 , refresh_token	4	2408	December 22, 2022
Altering the Device Name Does Not Work as Expected - "device" Parameter Knowledge Articles device-parameter	3	245	March 13, 2024
Authentication Token endpoint not providing a Refresh Token? Help refresh-tokens	2	5015	March 2, 2018

Unable to Set Device Name Refresh Token

Related topics