Refresh token question


#1

I’m trying to get a refresh_token back in the response from /authorize, so it can be used later to get a new access_token from /token. However, my response from /authorize only contains id_token and access_token. access_token expires after 20 minutes, and sometimes it is necessary for us to refresh this in a longer session. Any assistance would be appreciated.

I’ve added the following to the Okta widget config to include responseType : code and scope : offline_access.

data.authParams = {
issuer: OKTA_ISSUER,
responseType: [“id_token”, “token”, “code”],
scopes: [“openid”, “email”, “profile”, “offline_access”]
}

Reference -
OpenID Connect & OAuth 2.0 API
(https://developer.okta.com/docs/api/resources/oidc#openid-connect--oauth-20-api)

Thanks,
Mike