Reputation: 38
Missing refresh_token when using authorization code with PKCE
after authorizing the management api using the oauth2 code flow with PKCE the response from POST https://login.tapkey.com/connect/token do not return a refresh token. Am I missing something?
The redirect for the user goes to https://login.tapkey.com/connect/authorize?client_id=[...]&redirect_uri=[...]&scope=write%3Agrants&response_type=code&state=[...]&code_challenge=[...]&code_challenge_method=S256"
After the callback I'm requesting POST https://login.tapkey.com/connect/token with the following form data:
[
"grant_type" => "authorization_code"
"client_id" => "[...]"
"client_secret" => null
"code" => "[...]"
"redirect_uri" => "[...]"
"code_verifier" => "[...]"
]
The response I get is
[
"access_token" => "[...]"
"expires_in" => 3600
"token_type" => "Bearer"
"scope" => "write:grants"
]
Upvotes: 0
Views: 538
Answers (1)
Reputation: 475
Like described here https://developers.tapkey.io/api/authentication/pkce/#refreshing-an-access-token, for getting a refresh_token you also need to request the scope "offline_access".
Upvotes: 1
Related Questions
- Refresh access_token via refresh_token in Keycloak
- [OAuth][Keycloak] invalid_grant session not active when trying to use refresh_token
- Keycloak client credentials grant type with refresh token
- Spotipy Refreshing a token with authorization code flow
- PKCE using backchannel to refresh token
- Keycloak Offline Access token with 'refresh_token' grant_type
- Not getting a refresh token from Auth0.authorize() - PKCE
- Refresh token with Keycloak
- Salesforce Native IOS SDK can't refresh access token
- oauth2.0 invalid request when trying to use refresh token