Auth0 /oauth/access_token obtain refresh_token mobile app?

Question

I'm using Facebook SDK in my React-Native mobile app and I manage to get a token that I exchange with Auth0 on /oauth/access_token to retrieve an id_token that I can use as jwt to authenticate with my API.

The problem: that endpoint doesn't return a refresh_token which is vital for a mobile app in order to not ask the user to authenticate every time.

How can I obtain an Auth0 refresh_token in order to not have the user to login every single day to Facebook and to the entire process again?

Unfortunately I can't use Auth0 Lock for the login UI because the React-Native version doesn't support custom UI at the moment.

Answer 1

It's not documented but you can ask for a refresh_token on the /oauth/access_token endpoint adding offline_access in the scope and a device name.

request({
  method: 'POST',
  url: `https://${AUTH0_URL}/oauth/access_token`,
  data: {
    client_id: CLIENT_ID,
    access_token: FBToken,
    connection: 'facebook',
    scope: 'openid profile email offline_access',
    device: 'mobile phone',
  },
})

Answer 2

You can find the current documentation here: https://auth0.com/docs/tokens/preview/refresh-token#get-a-refresh-token

According to the documentation you should get a refresh token after requesting /oauth/access_token as long as you include the offline_access scope in your original request.

If that's not the case, I would bug support.