OIDC/OAuth2 - How To Create Refresh Token

    Applies to:
  • Legacy SecureAuth IdP
    Deployment model:
  • On Premises
    SecureAuth IdP Version Affected: All iterations of SecureAuth IdP with OIDC/OAuth2

    Description:  A refresh token is not always visible in the logs, and no specific error explains why a refresh token was not issued.  The GUI does not explicitly mention the refresh token either, since it belongs to only certain flows.

    Cause:  The offline_access scope is required to obtain a refresh token, and consent storage must be configured as well.

    Resolution:  Add offline_access to the scopes, and map consent storage to an attribute.

    Referring to the picture, note that consent storage is mapped to a field, which can be declared in the Data tab.  User consent storage needs to be enabled; whether to enable auto-accept is at your discretion.


    This next picture shows offline_access declared as a scope; make sure the scopes configured on the IdP match those used by the application sending and receiving the requests.


    From there, you should be able to get a refresh token!
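
    A client-side check for the conditions above, as an added example that is not SecureAuth code: it inspects an authorization request and the token response and reports why no refresh token came back. The idp.example.com URLs, client ID and token values are constructed placeholders; the response_type check follows OpenID Connect Core, under which offline_access is ignored unless the flow returns an authorization code.

```python
import json
from urllib.parse import urlsplit, parse_qs

MISSING_SCOPE = "request: offline_access missing from scope"
NO_CODE_FLOW = "request: response_type does not return an authorization code"
NOT_GRANTED = "response: offline_access absent from granted scope"
CHECK_IDP = "idp: request looks correct; check consent storage and scope config"
OK = "ok: refresh_token issued"

def diagnose_refresh_token(auth_request_url, token_response_json):
    """Explain why a token response carries no refresh_token.

    Returns a list of findings; token values are never included in them.
    """
    params = parse_qs(urlsplit(auth_request_url).query)
    requested = params.get("scope", [""])[0].split()
    response_types = params.get("response_type", [""])[0].split()
    token = json.loads(token_response_json)
    if token.get("refresh_token"):
        return [OK]
    findings = []
    if "offline_access" not in requested:
        findings.append(MISSING_SCOPE)
    if "code" not in response_types:
        findings.append(NO_CODE_FLOW)
    # "scope" is optional in a token response; compare only when present.
    granted = token.get("scope")
    if granted is not None and "offline_access" not in granted.split():
        findings.append(NOT_GRANTED)
    return findings or [CHECK_IDP]

# Constructed sample data (placeholder host, client and token values).
BASE = ("https://idp.example.com/authorize?client_id=constructed-client"
        "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcb")
GOOD_REQUEST = BASE + "&response_type=code&scope=openid%20profile%20offline_access"
BAD_REQUEST = BASE + "&response_type=code&scope=openid+profile"
IMPLICIT_REQUEST = BASE + "&response_type=id_token%20token&scope=openid+offline_access"
WITH_RT = json.dumps({"access_token": "at-constructed", "token_type": "Bearer",
                      "refresh_token": "rt-constructed",
                      "scope": "openid profile offline_access"})
NO_RT = json.dumps({"access_token": "at-constructed", "token_type": "Bearer",
                    "scope": "openid profile"})
NO_RT_NO_SCOPE = json.dumps({"access_token": "at-constructed", "token_type": "Bearer"})

if __name__ == "__main__":
    for req, resp in [(GOOD_REQUEST, WITH_RT), (BAD_REQUEST, NO_RT),
                      (GOOD_REQUEST, NO_RT_NO_SCOPE), (IMPLICIT_REQUEST, NO_RT_NO_SCOPE)]:
        print(diagnose_refresh_token(req, resp))
```

    When the result is the "idp:" finding, the request side is in order and the remaining places to look are the consent storage mapping and the scope list on the IdP, as described in the Resolution.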
