[mitreid-connect] missing refresh token
Richer, Justin P.
jricher at mitre.org
Thu Jan 22 10:26:19 EST 2015
You must include the "offline_access" scope in the token request, and the client must be registered to allow the "offline_access" scope and/or have its "issue refresh tokens" checkbox checked in the admin UI. See this issue here:
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/751
-- Justin
On Jan 22, 2015, at 10:22 AM, Marcin Krystek <mkrystek at man.poznan.pl> wrote:
> Hello,
>
> I'm using 1.2.0-SNAPSHOT of the MITREID server, downloaded and built today.
>
> I'm trying to authorize a user using the authorization code flow. It works fine, the correct access token and id token are issued.
> However I'm not able to obtain a refresh token.
>
> I'm using the following client configuration:
>
> In the administration panel, Manage Clients -> Edit
>
> Access tab:
> redelegate - checked
>
> Tokens tab:
> Refresh tokens are issued for this client - checked
> Refresh tokens for this client are re-used - checked
> Refresh tokens do not time out - checked
>
> I'm making a REST call to obtain an access token: /openid-connect-server-webapp/token
> using the following parameters:
> grant_type=authorization_code
> code=[codeValue]
> client_secret=[secret]
> client_id=[client_id]
> redirect_uri=[redirect_uri]
>
> The server returns JSON object:
> {
> "expires_in" : 3599,
> "id_token" : "valid_id_token",
> "access_token" : "valid_access_token",
> "token_type" : "Bearer",
> "scope" : "phone email address openid profile"
> }
> The "refresh_token" parameter is missing.
>
> I know that refresh_token is an optional parameter, however based on the presented configuration the server should issue a refresh_token. Is that right, or am I missing something?
>
> best
> Marcin
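An added example, not part of the original thread or of the MITREid Connect code base: a client-side check run against the token response quoted above, plus an authorization-code request whose scope includes offline_access. The `/authorize` path, the host names and the client values are assumptions; the parameter names are the standard OAuth 2.0 ones.

```python
import json
import secrets
from urllib.parse import urlencode

def authorization_url(authorize_endpoint, client_id, redirect_uri, scopes, state):
    """Build an authorization-code request whose scope includes offline_access."""
    # De-duplicate while keeping order, so offline_access is sent exactly once.
    wanted = list(dict.fromkeys(list(scopes) + ["offline_access"]))
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(wanted),
        "state": state,  # unpredictable per-request value, checked on the callback
    })
    return f"{authorize_endpoint}?{query}"

def diagnose_refresh(token_response):
    """Explain why a token response does or does not carry a refresh token."""
    granted = set(token_response.get("scope", "").split())
    if "refresh_token" in token_response:
        return "ok: refresh_token issued"
    if "offline_access" not in granted:
        return ("missing: offline_access not in granted scope; request it and "
                "allow it on the client registration")
    return "missing: offline_access granted; check the client's refresh-token setting"

# Token response from the thread (token values are the post's own placeholders).
THREAD_RESPONSE = json.loads("""{
  "expires_in": 3599, "id_token": "valid_id_token",
  "access_token": "valid_access_token", "token_type": "Bearer",
  "scope": "phone email address openid profile"
}""")

if __name__ == "__main__":
    print(diagnose_refresh(THREAD_RESPONSE))
    # Constructed endpoint and client values (assumptions, not from the thread).
    print(authorization_url(
        "https://idp.example/openid-connect-server-webapp/authorize",
        "constructed-client-id", "https://app.example/callback",
        ["openid", "profile", "email"], secrets.token_urlsafe(16)))
```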