How to get new AccessToken silently with the help of RefreshToken on Xamarin Native app

Hi Team,

I am struggling to find a way to get a new AccessToken using RefreshToken received while initial authentication.

I am following this reference link.

When i try to fire a request through Postman, I get following response
“error”: “invalid_client”,
“error_description”: “Invalid value for ‘client_id’ parameter.”

Please find following screenshot with request parameters:

Need your help to get this done and additionally I need to make this request silently within from PCL solution on Xamarin.Native (Xamarin.iOS & Xamarin.Android) project.

Thanks in advance.

Ankit Parekh

Hi @ankit.b.parekh

Regarding the error that you are seeing, the authorization header should contain the client_id and client_secret instead of username and password. Also, when sending this header, the client_id should not be present.

Hi @dragos

I tried the way you suggested but I am not able to get any breakthrough, additionally I don’t have client_secret hence I am sending it as null.

Can you please provide any reference link or demo POST request here which can explain to get new AccessToken based on RefreshToken, if possible?

FYI, I have implemented authorization part in Xamarin.Android following this tutorial.

Hi @dragos

FYI I don’t have client_secret as because I am using PKCE. In this case to call /token (to get refreshed AccessToken) request I need to send client_assertion and client_assertion_type, right?

Please find my updated request:

Thanks in advance!

Ankit Parekh

Hi @ankit.b.parekh

That is correct, you need client_assertion and client_assertion_type. From what I see in the script, you are missing the refresh_token from the body of the request.

Here is a cURL example to refresh the access token when using authorization code flow with PKCE

curl -X POST
-H ‘Accept: application/json’
-d ‘grant_type=refresh_token&redirect_uri=REDIRECT_URI&scope=openid%20profile&refresh_token=REFRESH_TOKEN&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=CLIENT_ASSERTION’

Hi @dragos

I have updated my last screenshot, I had missed out refresh_token itself in code.

I added that and still I am getting 401 Unauthorised.

Two doubts:

  • Attaching CLIENT_ASSERTION screenshot below, please validate and let me know is there any mistake there?
  • I am using “default” in my end point url, so complete url becomes is, though i tried removing “default” still i get 401.

JWT bearer for CLIENT_ASSERTION screenshot:

Many thanks for your response.

Ankit Parekh

Hi @dragos,

Please find below screenshot of system log from okta developer console:

It seems client credentials are expected through authorization header, I tried adding that then failure reason changed to token_request_missing_grant_type whereas grant_type is set to refresh_token.

In short, currently I am getting UnAuthorized based on your last response, you can validate my CLIENT_ASSERTION whether it is as expected or not.

Ankit Parekh

Hi @dragos

Latest screenshot of request parameters and response in Postman :


Ankit Parekh

Hi @ankit.b.parekh

Can you please send an email to in order to have this further investigated? Through a support ticket, we can review also the server logs and narrow down the issue easier.