[mitreid-connect] obtaining a refresh token ....

Justin Richer jricher at mit.edu
Wed Jan 4 07:10:08 EST 2017


If you're only approving "basic profile information" in the browser, 
then you're not asking for the "offline_access" scope during that step. 
You need to send "scope=offline_access+..." during the call to the 
authorization endpoint (the redirect where the user is involved) in 
order for that to be triggered. The "scope" parameter in the POST to the 
token endpoint is ignored in the authorization code flow since the user 
can't make any decisions at that point. Everything else looks correct below.

  -- Justin


On 1/3/2017 3:53 PM, Steven Carmody wrote:
> Hi,
>
> The server isn't returning a refresh token along with my access token,
> and I'm not sure what I'm doing wrong. Here's what I'm doing:
>
> 1) I went to the server admin GUI, created my new client, clicked EDIT
> on that client, clicked the Tokens tab, clicked "Refresh tokens are
> issued for this client", and SAVED.
>
> 2) Just to be extra safe, I clicked "System Scopes" in the left nav bar,
> clicked offline access, clicked "default scope Newly-created clients get
> this scope by default?", adding it to the default set.
>
> 3) My program POSTs this data to the /token endpoint:
>
> code=k36dJT&redirect_uri=http%3A%2F%2Fstc-test21.cis.brown.edu%2FOAuth2%2Fclient-oauth2.php&scope=profile+offline_access&grant_type=authorization_code&client_id=stc-test21-client
>
> 4) I get back an access token, only ...
>
> {"access_token":"eyJraWQiO ...
> RJwHAg","token_type":"Bearer","expires_in":3599,"scope":"profile"}
>
> btw, in my browser window I'm only asked to approve
>
> 	 basic profile information
>
> thanks for any suggestions !
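
The two steps discussed in this thread, as an added example that is not part of the original messages or of MITREid Connect's own code: the scope goes in the browser-facing authorization request, the token POST carries no scope, and the token response is checked for what was actually granted. The authorization endpoint URL is a placeholder assumption and the function names are hypothetical; the client_id and redirect_uri are the ones quoted in the thread.

```python
import json
import secrets
from urllib.parse import urlencode

# Assumption: placeholder endpoint; the thread does not give the server's URL.
AUTHORIZE_ENDPOINT = "https://idp.example.org/authorize"
CLIENT_ID = "stc-test21-client"  # from the thread
REDIRECT_URI = "http://stc-test21.cis.brown.edu/OAuth2/client-oauth2.php"  # from the thread


def build_authorization_url(scopes, state=None):
    """Step 1 (browser redirect): request scopes here, where the user approves them."""
    state = state or secrets.token_urlsafe(16)  # ties the callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),  # urlencode renders the space as '+'
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def build_token_request(code):
    """Step 2 (back channel): no scope parameter; the grant is fixed by the code."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    })


def diagnose_token_response(body, requested_scopes):
    """Return (requested scopes missing from the grant, whether a refresh token came back)."""
    resp = json.loads(body)
    # RFC 6749 section 5.1: an omitted "scope" means the grant equals the request.
    granted = set(resp["scope"].split()) if "scope" in resp else set(requested_scopes)
    missing = sorted(set(requested_scopes) - granted)
    return missing, "refresh_token" in resp


if __name__ == "__main__":
    url, _ = build_authorization_url(["profile", "offline_access"])
    print(url)
    # Constructed response shaped like the one in the thread (token value shortened).
    sample = '{"access_token":"x","token_type":"Bearer","expires_in":3599,"scope":"profile"}'
    print(diagnose_token_response(sample, ["profile", "offline_access"]))
```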