
React native get refresh token with Social login with Auth0

I have the following code from my react native app where i've used auth0 to login users using their Facebook, Google account, Apple.

  const authProviders = {
    google: {
      name: "google-oauth2",
      icon: <GoogleIcon />,
      color: cs["apple"],
    facebook: {
      name: "facebook",
      icon: <FacebookIcon />,
      color: cs["facebook"],
    apple: {
      name: "apple",
      icon: <AppleIcon />,
      color: cs["apple"],

  const onSocialAuth = async (type: auth) => {
    const connection =;
    const result = await LoginAs(connection);

    if (result.type === "success" && Platform.OS === "ios") {
      const accessToken = result.url
        ? result.url.match(/access_token=([^&]+)/)
        : null;
      const token = accessToken ? accessToken[1] : null;
      const { payload } = await dispatch(
        userSocialLogin({ access_token: token ?? "" })
      if (payload?.data?.token) {
        await storeAsyncData(ENUM.PREVIOUS_AUTH_PROVIDER,;
          isUserLoggedIn: !!payload?.data?.token,
          token: payload?.data?.token,
      } else {
        alert("Something went wrong while logging with " + connection);
    } else {
      // alert('Failed to log in');

  return (
        <View style={{ flexDirection: "column", gap: 10, alignItems: "center" }}>

          {providers?.includes('google-oauth2') &&<OutlinedButton
            loading={loading && provider ===}
              gap: 10,
              paddingVertical: verticalScale(10),
              flex: 1,
            onPress={() => {
            icon={<GoogleIcon />}>
    //other login methods


Method to handle login

export const LoginAs = async (connection: string) => {
  const auth0RedirectUri =
    Platform.OS === "ios"
      ? `${process.env.EXPO_PUBLIC_AUTH0_REDIRECT_URI}/ios/com.hello.myapp/callback`
      : `${process.env.EXPO_PUBLIC_AUTH0_REDIRECT_URI}/android/com.hello.myapp/callback`;
  const auth0Domain = process.env.EXPO_PUBLIC_AUTH0_AUTH_DOMAIN; //env
  const clientId = process.env.EXPO_PUBLIC_AUTH0_CLIENT_ID; //production
  const audience = process.env.EXPO_PUBLIC_AUTH0_AUTH_AUDIENCE;
  const url =
    `${auth0Domain}/authorize?` +
    `response_type=token&` +
    `client_id=${clientId}&` +
    `redirect_uri=${encodeURIComponent(auth0RedirectUri)}&` +
    `scope=openid%20profile%20email&` +
    `audience=${encodeURIComponent(audience || "")}&` +
  const browserOptions = {
    preferEphemeralSession: false,
    createTask: true,
  const result = await WebBrowser.openAuthSessionAsync(
  return result;

with the above code I get the token but no refresh token.

 {"error": null, "type": "success", "url": "com.hello.myapp://"}

I've also enable offline access in my Auth0 api settings.

I've also tried passing offline_access in scope but no success on getting refresh token.

Output of console.log of response when offline_access is added in scope:

    "url": "com.h3llo.fundisapp://",
    "type": "success"

I'm using machine to machine's client ID in mobile app, since i'm not using auth0 sdk for react native.


  • export const LoginAs = async (connection: string) => {
      const auth0RedirectUri =
        Platform.OS === "ios"
          ? `${process.env.EXPO_PUBLIC_AUTH0_REDIRECT_URI}/ios/com.hello.myapp/callback`
          : `${process.env.EXPO_PUBLIC_AUTH0_REDIRECT_URI}/android/com.hello.myapp/callback`;
      const auth0Domain = process.env.EXPO_PUBLIC_AUTH0_AUTH_DOMAIN; //env
      const clientId = process.env.EXPO_PUBLIC_AUTH0_CLIENT_ID; //production
      const audience = process.env.EXPO_PUBLIC_AUTH0_AUTH_AUDIENCE;
      const state = Math.random().toString(36).substring(7);
      const url =
        `${auth0Domain}/authorize?` +
        `client_id=${clientId}&` +
        `redirect_uri=${encodeURIComponent(auth0RedirectUri)}&` +
         `scope=${encodeURIComponent('openid profile email offline_access')}&`+
        `audience=${encodeURIComponent(audience || "")}&` +
        `state=${state}&` +
      const browserOptions = {
        preferEphemeralSession: false,
        createTask: true,
      const result = await WebBrowser.openAuthSessionAsync(
      if (result.type === 'success') {
        const urlParams = new URL(result.url).searchParams;
        const code = urlParams.get('code');
        if (!code) {
          throw new Error('No code received from Auth0');
        // Exchange the code for tokens
        const tokenResponse = await fetch(`${auth0Domain}/oauth/token`, {
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
          body: JSON.stringify({
            grant_type: 'authorization_code',
            client_id: clientId,
            client_secret: process.env.EXPO_PUBLIC_AUTH0_CLIENT_SECRET,
            code:  code,
            redirect_uri: auth0RedirectUri,
        const tokens = await tokenResponse.json();
        console.log("Tokens:", tokens); // Includes access_token, id_token, refresh_token
        return tokens;
      return {result: "false"};

    I managed to get the refresh token with the above approach. I had to get code first instead of token then use the code to get the tokens