[mitreid-connect] missing refresh token

Marcin Krystek mkrystek at man.poznan.pl
Thu Jan 22 10:22:56 EST 2015


Hello,

I'm using 1.2.0-SNAPSHOT of MITREID server, downloaded and build today.

I'm trying to authorize user using authorization code flow. It works 
fine, the correct access token and id token are issued.
However I'm not able to obtain a refresh token.

I'm using the following client configuration:

In the administration panel, Manage Clients -> Edit

Access tab:
redelegate - checked

Tokens tab:
Refresh tokens are issued for this client - checked
Refresh tokens for this client are re-used - checked
Refresh tokens do not time out - checked

I'm making REST call to obtain an access token: 
/openid-connect-server-webapp/token
using following parameters:
grant_type=authorization_code
code=[codeValue]
client_secret=[secret]
client_id=[client_id]
redirect_uri=[redirect_uri]

The server returns JSON object:
{
    "expires_in" : 3599,
    "id_token" : "valid_id_token",
    "access_token" : "valid_access_token",
    "token_type" : "Bearer",
    "scope" : "phone email address openid profile"
}
The "refresh_token" parameter is missing.

I know that refresh_token is an optional parameter, however based on the 
presented configuration server should issue a refresh_token. Is that 
right or I'm missing something?

best
Marcin



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150122/a00ad5e4/attachment.htm


More information about the mitreid-connect mailing list