Per okta documentation for Auth Code with PKCE, scope=offline_access for response_type=code (/authorize endpoint) should return refresh token in addition to access token. Instead, I see an error that indicates, offline_access is an invalid scope.
Exact response: {“error”:“invalid_scope”,“error_description”:“Browser requests to the token endpoint may not include the offline_access scope.”}
Could you please let me know if I am missing something, or refresh_token is not supported with auth code flow with PKCE.
Please confirm.
For anyone that has this question, it has been answered in the following thread: Auth Code with PKCE - Refresh Token
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.