How to get refresh_token with grant_type=password

By: Sungho Park user 04 Nov 2020 at 12:15 a.m. CST

2 Responses
Sungho Park gravatar
**Test Case** When I call the "/oxauth/restv1/token" endpoint using grant_type=password , I don't get refresh_token. curl --location --request POST 'https://{server}/oxauth/restv1/token' \ --header 'Authorization: Basic ODNmZTBmYjQtNGRjMC00YmRjLTlhYTMtMmNiNWEwZTdmZjAyOmZLSjAwM3I1aHd5UVJtdTU5VHRWWlpyVHVyZHJsdGNxWnE5QnNxVk0=' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=password' \ --data-urlencode 'username={userid}' \ --data-urlencode 'password={userpw}' \ --data-urlencode 'scope=openid offline_access' **Configuration** Configuration > JSON Configuration > OxAuth Configuration forceOfflineAccessScopeToEnableRefreshToken = true ``` OPENID CONNECT CLIENTS DETAILS ------------------------------ - **Name:** test-web-client - **Client ID:** 83fe0fb4-4dc0-4bdc-9aa3-2cb5a0e7ff02 - **Subject Type:** public - **ClientSecret:** XXXXXXXXXXX - **Application Type:** web - **Persist Client Authorizations:** false - **Pre-Authorization:** false - **Authentication method for the Token Endpoint:** client_secret_basic - **Logout Session Required:** false - **Include Claims In Id Token:** false - **Disabled:** false - **Logout Redirect URIs:** [https://localhost:6200/logout] - **Login Redirect URIs:** [https://localhost:6200/login] - **Scopes:** [openid, offline_access] - **Grant types:** [authorization_code, refresh_token, client_credentials, password, implicit] - **Response types:** [code, id_token, token] ```
Ubuntu 18.04
closed

Answers

By Yuriy Zabrovarnyy staff 04 Nov 2020 at 1:52 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
Does it work with `forceOfflineAccessScopeToEnableRefreshToken=false` ? Which exactly version do you have ? Is it 4.2.1? It should work if : * `forceOfflineAccessScopeToEnableRefreshToken=false` and client's `grant_type` has `refresh_token` * `forceOfflineAccessScopeToEnableRefreshToken=true` scope has `offline_access` and client's `grant_type` has `refresh_token` It seems second case fails for some reason. @Aliaksandr.Samuseu please reproduce and if reproducible post bug on me on 4.2.2 milestone.

By Yuriy Zabrovarnyy staff 04 Nov 2020 at 2:10 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
Re-assigning it back to me. I was able to replicate it. It's fixed in latest 4.2.2, you can take war from here: https://ox.gluu.org/maven/org/gluu/oxauth-server/4.2.2-SNAPSHOT/oxauth-server-4.2.2-SNAPSHOT.war If you have latest 4.2.1 then it should be safe to just stop oxauth, replace war and start it. Sungho, would you please try it and confirm it works as expected ?

Post an answer