Hello,
I have implemented the PKCE workflow in React with scope as offline_access and I am getting a refresh token back as well. After getting the refresh_token I am making an access_token renew call using the refresh token immediately within 3 seconds. The response that I get is “The refresh token is invalid or expired”. Following is my code for call to the /token endpoint -
```typescript
let headers: { [key: string]: string } = {
    "Accept": "application/json",
    "Content-Type": "application/x-www-form-urlencoded"
};
const params: { [key: string]: string; } = {
    'grant_type': "refresh_token",
    'redirect_uri': "http://localhost/Home/Login",
    'scope': "openid offline_access profile",
    'rerfresh_token': rerfreshToken ?? "", // refresh token is from the initial authorization call
    'client_id': "" // removed for privacy
};
let formBody: string[] = [];
for (var property in params) {
    var encodedKey = encodeURIComponent(property);
    var encodedValue = encodeURIComponent(params[property]);
    formBody.push(encodedKey + "=" + encodedValue);
}
let formBody2 = formBody.join("&");
// this is a dummy url not the actual server that we are using
// changed this for privacy
const apiUrl = "https://dev-98751.okta.com/oauth2/default/v1/token";
await fetch(apiUrl,
    {
        method: "POST",
        body: formBody2,
        headers
    }) // Truncated here for brevity
```
I have enabled Refresh Token under the general settings of my application.
I have also added a policy under Security → API → Default Server that has the access token and refresh token lifetime in it.
I have checked the access_token JWT and it has offline_access as scope in it.
Is there anything that I am missing?
We are on a deadline to deliver this so waiting for a response eagerly.
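
For comparison with the request above, an added example (not part of the original post and not Okta's code) that checks a refresh-grant form against the parameter names in RFC 6749 section 6 before it is sent: the token endpoint reads the token from `refresh_token`, whereas the posted `params` object uses the key `rerfresh_token`. The helper names, the `postedForm` sample and its placeholder values are assumptions constructed for illustration.

```typescript
// Added example, not the poster's code. Parameter names follow RFC 6749 section 6.
type Form = { [key: string]: string };

const REQUIRED = ["grant_type", "refresh_token", "client_id"]; // client_id: public (PKCE) client
const OPTIONAL = ["scope"];

// Inspect a refresh-grant form before sending it.
// errors: required fields that are absent or empty, or a wrong grant_type.
// unrecognized: keys RFC 6749 does not define for this grant (servers ignore unknown names).
function checkRefreshForm(form: Form): { errors: string[]; unrecognized: string[] } {
  const errors: string[] = [];
  for (const name of REQUIRED) {
    if (!form[name]) errors.push(name + " is missing or empty");
  }
  if (form["grant_type"] && form["grant_type"] !== "refresh_token") {
    errors.push("grant_type must be refresh_token");
  }
  const known = REQUIRED.concat(OPTIONAL);
  const unrecognized = Object.keys(form).filter((k) => known.indexOf(k) === -1);
  return { errors, unrecognized };
}

// Serialize as application/x-www-form-urlencoded.
function encodeForm(form: Form): string {
  return Object.keys(form)
    .map((k) => encodeURIComponent(k) + "=" + encodeURIComponent(form[k]))
    .join("&");
}

// Build the POST for the /token endpoint; refuses to build an invalid form.
function buildRefreshRequest(tokenUrl: string, refreshToken: string, clientId: string, scope?: string) {
  const form: Form = { grant_type: "refresh_token", refresh_token: refreshToken, client_id: clientId };
  if (scope) form["scope"] = scope;
  const { errors } = checkRefreshForm(form);
  if (errors.length > 0) throw new Error("invalid refresh request: " + errors.join("; "));
  const headers = { "Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded" };
  return { url: tokenUrl, init: { method: "POST", headers, body: encodeForm(form) } };
}

// Constructed sample: the same keys as the posted params object, with placeholder values.
const postedForm: Form = {
  grant_type: "refresh_token", redirect_uri: "http://localhost/Home/Login",
  scope: "openid offline_access profile",
  rerfresh_token: "constructed-token", client_id: "constructed-client",
};
```

The returned object can be passed straight to `fetch(req.url, req.init)`.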