How we can implement refresh token with /authorize and /token in grails

i want to generate refresh token with ouath2 api from server.but how we can implement it with grails?

I can’t speak for grails specifically, but as long is the application is configured to allow use of the Refresh token grant, you can get refresh tokens returned from the token endpoint (when using authorization code flow) if you request the “offline_access” scope in your authorize request.

More details about refresh tokens found in our guide here.

@mraible, have any ideas for how to do this with grails?

We do have a Grails tutorial on the developer blog: Build Server Side Authentication in Grails with OAuth 2.0 and Okta | Okta Developer

thanks…mraible !!
But to get a refresh token, i wanted to call following api
authorizeUrl: ‘https://{yourOktaDomain}/oauth2/default/v1/authorize’
which will return authorization_code in browser url like
yourApp:/callback?code=BdLDvZvO3ZfSwg-asLNk&state=state-8600b31f-52d1-4dca-987c-386e3d8967e9
so how can i captured this authorization_code from URL in grails??
is there any way to get auth_code from browser to server??

@andrea Already explained how to get a refresh token. It’s all about passing in the offline_access scope and configuring your Okta OIDC app to allow refresh tokens. From there, everything should work.

Have you tried the Grails tutorial I linked to? You might be making this harder than you need to. I think the Grails code in the tutorial will work and you don’t have to worry about the code returned or talking to another endpoint.

In our angular application we have implemented okta for user authentication for every request that hit our application.
Each request is authenticated using token generated by okta and it gets validated through introspect api and it works fine.
With these user interactions if the token gets expired we redirect user to home page so that new token gets generated. Now in this scenario, instead of redirecting user to home page, we need to refresh the token without intervention of the user and to achieve this need to generate refresh token from back end, so how the token can be refreshed offline without letting the user know about it

What is your use case that would make you/your users expect that the user would know about the refresh token being used to extend their session? Instead of having to redirect the user back to the home page to re-authenticate, you will instead have your application simply fetch a new token for them without them needing to re-authenticate or do anything else.

Also, the “offline” part of the offline_access scope is a little confusing. API calls still need to be made to Okta to get a new token (via the /token endpoint), but with an offline access token, the user does not need to be present/logged in to get new tokens, they just need a valid refresh token. See OpenID spec here for details about this scope