[mitreid-connect] obtaining a refresh token ....

Wed Jan 4 15:58:12 EST 2017

thanks very much ! Its working fine now.

On 1/4/17 7:10 AM, Justin Richer wrote:
> If you're only approving "basic profile information" in the browser,
> then you're not asking for the "offline_access" scope during that step.
> You need to send "scope=offline_access+..." during the call to the
> authorization endpoint (the redirect where the user is involved) in
> order for that to be triggered. The "scope" parameter in the POST to the
> token endpoint is ignored in the authorization code flow since the user
> can't make an decisions at that point. Everything else looks correct below.
>
>  -- Justin
>
>
> On 1/3/2017 3:53 PM, Steven Carmody wrote:
>> Hi,
>>
>> The server isn't returning a refresh token along with my access token,
>> and I'm not sure what I'm doing wrong. Here's what I'm doing:
>>
>> 1) I went to the server admin GUI, created my new client, clicked EDIT
>> on that client, clicked the Tokens tab, clicked "Refresh tokens are
>> issued for this client", and SAVED.
>>
>> 2) Just to be extra safe, I clicked "System Scopes" in the left nav bar,
>> clicked offline access, clicked "default scope Newly-created clients get
>> this scope by default?", adding it to the default set.
>>
>> 3) My program POSTs this data to the /token endpoint:
>>
>> code=k36dJT&redirect_uri=http%3A%2F%2Fstc-test21.cis.brown.edu%2FOAuth2%2Fclient-oauth2.php&scope=profile+offline_access&grant_type=authorization_code&client_id=stc-test21-client
>>
>>
>> 4) I get back an access token, only ...
>>
>> {"access_token":"eyJraWQiO ...
>> RJwHAg","token_type":"Bearer","expires_in":3599,"scope":"profile"}
>>
>> btw, in my browser window I'm only asked to approve
>>
>>      basic profile information
>>
>> thanks for any suggestions !
>> _______________________________________________
>> mitreid-connect mailing list
>> mitreid-connect at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
>