No refresh_token in SalesForce OAuth Response

Question

I'm interacting with a custom APEX service which obviously require OAuth authentication. I can easily authenticate and authorise my application. Everything works fine.

However, the access token I receive tends to expire.

Of course, I can refresh it by sending a refresh_token. Sounds great.

The problem is I don't receieve a refresh_token in a response from SalesForce.

I do send requests to [instance].salesforce.com/services/oauth2/token, I also tried to using login.salesforce.com/services/oauth2/token, but I cannot find 'refresh_token' in the response. There's everything apart from it there!..

@superfell Everything was correct, apart from the scope. See my answer below. Thanks anyway :)! — Mike Borozdin, Jun 14 '12 at 00:29

score 12 · Answer 1 · edited Jul 02 '18 at 13:49

12

Please check Selected OAuth Scopes section, which is needed to be enabled Perform requests on your behalf at any time in order to get the refresh token.

Сreate > Apps > API (Enable OAuth Settings) > Selected OAuth Scopes.

edited Jul 02 '18 at 13:49

Paul T. Rawkeen

3,994
3
35
51

answered Oct 26 '15 at 13:10

vasanth vasu

401
5
13

2

I'm not sure why "Full access (full)" scope is not enough ... but it's not. You also have to do the above. Thanks so much. – barclay Apr 21 '16 at 18:15
Note that, by default, the refresh token will expire immediately. You have to go into "Manage Connected Apps", edit your app, and change the setting for refresh token expiry, otherwise you get "token validity expired" when you try to refresh it. – ProgrammingLlama Dec 25 '19 at 06:16

score 4 · Accepted Answer · answered Jun 14 '12 at 00:29

4

I've solved the problem thanks to my wonderful colleague.

I should have added 'refresh_token' to the scope when retrieiving an auth code.

answered Jun 14 '12 at 00:29

Mike Borozdin

1,138
3
14
32

3

Actually, refresh_tokens aren't (or are no longer) handed out unless you're building a mobile app or In-SalesForce app. See http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com and search for "Note that refresh_token is only sent if either of the following is the case". I found this out after 4 hours of trying to figure out why it wasn't giving me one. :) I'm happy to be proven wrong, though.. – Anthony May 09 '13 at 21:37
2

Did you ever get this to work? I'm not getting a refresh token despite the scope settings. – Kevin O'Hara Jul 14 '14 at 20:19

No refresh_token in SalesForce OAuth Response

2 Answers2