Hi I may be understanding wrong the purpose of a refresh token but If I configure in okta that refresh token will never expire and use the endpoint to get a refresh token should I receive always the same refresh token?
I am using v1/token endpoint to get a refresh token but this seems to be returning different values in different environments…I am confused about this behavior.
If the refresh_token can change, what’s the proper way of getting a refresh_token
Thanks
What are you passing to the /v1/tokens endpoint?
If it is something like a new code for a user, or resource owner’s username and password, you will get a different refresh token. If you are using the refresh grant, then you should be getting back the same token. Does that make sense?
So the question should be how do I get the refresh token using /oauth2/v1/token endpoint? I did not find an example or indications on how to do that
You need to request the offline_access scope during the initial OAuth flow. If you do that, you’ll get a refresh token (in addition to access and ID tokens). See here: How to get a refresh token
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.