The Aqueduct docs say that the server should return a refresh token. It should look like this:
{
"access_token" : "Abca09zzzza2o2kelmzlli3ijlka",
"token_type" : "bearer",
"refresh_token" : "lkmLIAmooa898nm20jannnnnxaww",
"expire_in" : 3600
}
But this is what the server actually gives:
{
"access_token": "uArVqRgpGKv98aNJpziSmTQiFaX2Ebrz",
"token_type": "bearer",
"expires_in": 86399
}
There is no refresh_token.
Here is what my controller looks like:
class DemoChannel extends ApplicationChannel {
ManagedContext context;
AuthServer authServer;
@override
Future prepare() async {
logger.onRecord.listen((rec) => print("$rec ${rec.error ?? ""} ${rec.stackTrace ?? ""}"));
final config = WordConfig(options.configurationFilePath);
final dataModel = ManagedDataModel.fromCurrentMirrorSystem();
final persistentStore = PostgreSQLPersistentStore.fromConnectionInfo(
config.database.username,
config.database.password,
config.database.host,
config.database.port,
config.database.databaseName);
context = ManagedContext(dataModel, persistentStore);
final authStorage = ManagedAuthDelegate<User>(context);
authServer = AuthServer(authStorage);
}
@override
Controller get entryPoint {
final router = Router();
router
.route('/register')
.link(() => RegisterController(context, authServer));
router
.route('/auth/token')
.link(() => AuthController(authServer));
router
.route('/words/[:id]')
.link(() => Authorizer.bearer(authServer))
.link(() => WordsController(context));
return router;
}
}
My AuthController is just the standard one that comes with Aqueduct. I didn't even see any parameters to adjust in the source code.
How do I make the server send back a refresh token?
It sounds like you are authenticating a public OAuth 2 client. By rule, a public client cannot have a refresh token. You must use a confidential client. A client is confidential when it has a secret. Use the —secret option when creating your client.