0

I'm using Facebook SDK in my React-Native mobile app and I manage to get a token that I exchange with Auth0 on /oauth/access_token to retrieve an id_token that I can use as jwt to authenticate with my API.

The problem: that endpoint doesn't return a refresh_token which is vital for a mobile app in order to not ask the user to authenticate every time.

How can I obtain an Auth0 refresh_token in order to not have the user to login every single day to Facebook and to the entire process again?

Unfortunately I can't use Auth0 Lock for the login UI because the React-Native version doesn't support custom UI at the moment.

mtt
  • 1,697
  • 1
  • 15
  • 20

2 Answers2

1

It's not documented but you can ask for a refresh_token on the /oauth/access_token endpoint adding offline_access in the scope and a device name.

request({
  method: 'POST',
  url: `https://${AUTH0_URL}/oauth/access_token`,
  data: {
    client_id: CLIENT_ID,
    access_token: FBToken,
    connection: 'facebook',
    scope: 'openid profile email offline_access',
    device: 'mobile phone',
  },
})
mtt
  • 1,697
  • 1
  • 15
  • 20
0

You can find the current documentation here: https://auth0.com/docs/tokens/preview/refresh-token#get-a-refresh-token

According to the documentation you should get a refresh token after requesting /oauth/access_token as long as you include the offline_access scope in your original request.

If that's not the case, I would bug support.

framp
  • 813
  • 11
  • 22
  • Thanks for your reply, but as stated here https://auth0.com/docs/tokens/preview/refresh-token#get-a-refresh-token the endpoint that is accepting `offline_access` is not `/oauth/access_token` but `/oauth/authorize` – mtt Apr 04 '17 at 13:30
  • Can you show the code you're using to do the original request to get the token? – framp Apr 04 '17 at 13:38
  • You may want to look into using https://github.com/auth0/react-native-lock with https://github.com/auth0/Lock-Facebook.iOS as well – framp Apr 04 '17 at 13:40