Reputation: 479
I have IdentityServer and a separate WebApi project using resource owner flow.
When I request a token as below, the token is issued and can be used to access the WebApi. So I assume IdentityServer is set up correctly, and the WebApi project is set up correctly as well.
    username=user1
    password=user1password
    grant_type=password
    client_id=myClientId
    client_secret=myClientSecret
    scope=api1
Now when I change the grant type to refresh and the scope to offline_access I get a refresh token. I then use the refresh token to get an access token, but when I use the access token to request the WebApi it is rejected.
With an error:
    the audience is invalid
I suspect it's because I am asking for an offline_access scope instead of the api1 scope which the WebApi project expects. How do I get a refresh token that can be used with the scope api1?
Upvotes: 3
Views: 1668
Reputation: 500
    // Form fields for the refresh_token grant; both scopes are requested together
    var model = {
        client_id: "myClientId",
        client_secret: "myClientSecret",
        scope: "api1 offline_access",
        token_type: "Bearer", // Optional
        grant_type: "refresh_token",
        refresh_token: "your refresh token"
    };
    // This is the most important step when using the refresh token:
    // HTTP Basic client authentication, base64(client_id:client_secret)
    var base64 = btoa(model.client_id + ":" + model.client_secret);
    // And your request goes here
    this.$http({
        method: "POST",
        url: "/connect/token",
        headers: {
            'content-type': "application/x-www-form-urlencoded",
            'Authorization': "Basic " + base64
        },
        data: jQuery.param(model)
    })
    .then(
        response => {
            // success
        },
        response => {
            // logout
        });
Upvotes: 1
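An added diagnostic, not part of either post above: decoding the access token's payload shows whether `api1` appears in `aud`, the claim the "audience is invalid" check compares against. The tokens, issuer URL and claim values are constructed samples, and the payload is decoded without signature verification, so this is for troubleshooting only.

```javascript
// Added example: every token and claim value below is a constructed sample.

// Base64url-encode a JSON object (used only to build the sample tokens).
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Build an unsigned sample JWT; the signature segment is a placeholder.
function makeSampleToken(payload) {
  return [b64url({ alg: "RS256", typ: "JWT" }), b64url(payload), "sig"].join(".");
}

// Decode the payload WITHOUT verifying the signature: diagnosis only,
// never an authorization decision.
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Report whether the token carries the audience the API expects,
// together with the audiences and scopes it actually contains.
function checkAudience(token, expectedAudience) {
  const p = decodePayload(token);
  // "aud" may be a single string or an array (RFC 7519).
  const aud = p.aud === undefined ? [] : [].concat(p.aud);
  // "scope" may be an array or a space-delimited string, depending on the issuer.
  const scopes = Array.isArray(p.scope)
    ? p.scope
    : String(p.scope || "").split(" ").filter(Boolean);
  return { audienceOk: aud.includes(expectedAudience), aud, scopes };
}

// Constructed token issued for scope "offline_access" only.
const offlineOnly = makeSampleToken({
  iss: "https://idp.example", aud: "https://idp.example/resources",
  scope: ["offline_access"] });
// Constructed token issued for scope "api1 offline_access".
const withApi = makeSampleToken({
  iss: "https://idp.example", aud: ["https://idp.example/resources", "api1"],
  scope: ["api1", "offline_access"] });

console.log(checkAudience(offlineOnly, "api1")); // audienceOk: false
console.log(checkAudience(withApi, "api1"));     // audienceOk: true
```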