javajersey-2.0scribefusionauth

Didn't get the refresh token in response of access token call with Authorization Code Grant Request in FusionAuth

I am using FusionAuth for authentication. I have created one application in the FusionAuth. It has oAuth configured.

http://localhost:9011/oauth2/authorize?access_type=offline&prompt=consent&response_type=code&client_id=9ecc54b7-6f79-4105-a208-ca61e6157b58&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fipos%2Frest%2FfusionAuth%2FcallBack

This is my authorization url to one the FusionAuth login page.

Once I hit the link and enter the user name and password, I get the call back on configured call back url in my java jersey api.

I get the following details in the call back request.

code - dZgq5Xd0YmAQXZ2JIzkih832iojimgLUPwT7yoH9-TY

locale - en_US

userState - AuthenticatedNotRegistered

Here I am using Scribe Java library for OAuth authentication

I make call to get the access token call usnig the Scribe java libary with the given authorization code and grant_type is authorization_code.

Here this call get success and I get the below detail in the response.

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRRZTA1Uk1vN19oVjZUUnpLVUQ1aXpRU2NSOCJ9.eyJhdWQiOiI5ZWNjNTRiNy02Zjc5LTQxMDUtYTIwOC1jYTYxZTYxNTdiNTgiLCJleHAiOjE1Nzc3MTg0NjgsImlhdCI6MTU3NzcxODM0OCwiaXNzIjoiYWNtZS5jb20iLCJzdWIiOiI3ZWE3OWRhZi1hZjExLTQ1MTUtODljYS1iOGFjYTFjN2I5YTEiLCJhdXRoZW50aWNhdGlvblR5cGUiOiJQQVNTV09SRCIsImVtYWlsIjoiZGhhdmFsYmhvb3Q5M0BnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiZGhhdmFsYmhvb3QifQ.eA0Xi6nEZhWaTMd-P26ESdE3NsyXNRNVBKBdBvHxvzfHgXYJiN2pf-16mY8JK-4-1g3vZF7Cwv-SkP4iZAIJCYYc3uBW8Qlcjjn9cyi7_RggBBBsErcs2acRIt-D5NpnVJfkxHwGAs9fO6a2Win98GGYyv1nzBG9OhWkyZJTy4QxzlgXNrkQIzTuzRwLkRFzKCT95pqfsOYb_MXPuAksg5q1SHIj8qtbO7EO-vMbpmiok1C-Wflbiq2X_tq17QBKbO4JAMLm9_pCZse1tqLyNP4fIh3VHTz7OdbbXvug2Tpk_yTWLVL_29XC87-91R5iXeezLjADkdi1yXMUdHioOw",
  "expires_in": 119,
  "token_type": "Bearer",
  "userId": "7ea79daf-af11-4515-89ca-b8aca1c7b9a1"
}

Here, I do not get the refresh_token, in any case, user first time login or in any case. This is JWT token and I had reduced the expiry time to 120 seconds.

In application OAuth setup I enable Generate refresh tokens option.

The only problem here I have is, I do not receive the refresh token. Help me with this.

Thank you.

Solution

  • To obtain a Refresh Token as a result of the Authorization Code Grant, you'll need to request the offline_access scope.

    https://fusionauth.io/docs/v1/tech/oauth/endpoints#authorization-code-grant-request

    You can modify your request as follows (line breaks added for readability) 

    http://localhost:9011/oauth2/authorize?
scope=offline_access
&prompt=consent
&response_type=code
&client_id=9ecc54b7-6f79-4105-a208-ca61e6157b58
&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fipos%2Frest%2FfusionAuth%2FcallBack

    As a side note, adding prompt=consent is fine, but it will not affect the request as this is not yet available in FusionAuth. Please upvote the feature request if this is something you'd like to see in an upcoming release. https://github.com/FusionAuth/fusionauth-issues/issues/411