SecureAuth IdP Version Affected: All versions of SecureAuth IdP with OIDC/OAuth2
Description: A refresh token is not always visible in the logs, and the logs report no specific error explaining why a refresh token was not issued. The GUI does not explicitly call out the refresh token either, since it is only part of certain flows.
Cause: The offline_access scope is required to obtain a refresh token, and consent storage must also be configured.
Resolution: Add offline_access to the scopes, and map consent storage to an attribute.
Referring to the picture, note that consent storage is mapped to a field, which can be declared in the Data tab. User consent storage needs to be enabled; whether to auto-accept consent is at your discretion.
The next picture shows offline_access declared as a scope; make sure the scopes configured on the IdP match the scopes the application sends and expects to receive.
From there, you should be able to get a refresh token!
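The request and check described above, as an added example that is not SecureAuth's own code: it builds the authorization request with the offline_access scope and, because the IdP log gives no reason, explains from the client side why a token response lacks a refresh_token. The endpoint URL, client id and token responses are constructed placeholders.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder endpoint (assumed, not a SecureAuth value)
AUTHORIZE_URL = "https://idp.example.com/authorize"


def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Authorization-code request; offline_access must be in `scopes`
    for the IdP to include a refresh_token in the token response."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def requested_scopes(authorize_url):
    """Scopes actually sent on the wire, parsed back from the URL."""
    query = parse_qs(urlparse(authorize_url).query)
    return query.get("scope", [""])[0].split()


def diagnose_missing_refresh_token(scopes_requested, token_response):
    """Return reasons why no refresh_token came back; [] means it is present."""
    if "refresh_token" in token_response:
        return []
    reasons = []
    if "offline_access" not in scopes_requested:
        reasons.append("offline_access was not requested by the client")
    granted = set(token_response.get("scope", "").split())
    if "offline_access" in scopes_requested and "offline_access" not in granted:
        reasons.append("offline_access was requested but not granted: declare the "
                       "scope on the IdP and enable user consent storage mapped "
                       "to an attribute")
    if not reasons:
        reasons.append("offline_access granted but no refresh_token: check IdP config")
    return reasons


# Constructed sample token responses (not captured from a real IdP)
RESPONSE_NO_OFFLINE = json.loads(
    '{"access_token": "AT1", "token_type": "Bearer", "expires_in": 3600, '
    '"scope": "openid profile"}')
RESPONSE_WITH_REFRESH = json.loads(
    '{"access_token": "AT2", "refresh_token": "RT2", "token_type": "Bearer", '
    '"expires_in": 3600, "scope": "openid profile offline_access"}')
```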