
I am using FusionAuth for authentication. I have created one application in FusionAuth. It has OAuth configured.

http://localhost:9011/oauth2/authorize?access_type=offline&prompt=consent&response_type=code&client_id=9ecc54b7-6f79-4105-a208-ca61e6157b58&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fipos%2Frest%2FfusionAuth%2FcallBack

This is my authorization URL to open the FusionAuth login page.

Once I hit the link and enter the user name and password, I get the callback on the configured callback URL in my Java Jersey API.

I get the following details in the call back request.

code - dZgq5Xd0YmAQXZ2JIzkih832iojimgLUPwT7yoH9-TY

locale - en_US

userState - AuthenticatedNotRegistered

Here I am using the Scribe Java library for OAuth authentication.

I make the call to get the access token using the Scribe Java library with the given authorization code, and grant_type is authorization_code.

This call succeeds and I get the details below in the response.

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRRZTA1Uk1vN19oVjZUUnpLVUQ1aXpRU2NSOCJ9.eyJhdWQiOiI5ZWNjNTRiNy02Zjc5LTQxMDUtYTIwOC1jYTYxZTYxNTdiNTgiLCJleHAiOjE1Nzc3MTg0NjgsImlhdCI6MTU3NzcxODM0OCwiaXNzIjoiYWNtZS5jb20iLCJzdWIiOiI3ZWE3OWRhZi1hZjExLTQ1MTUtODljYS1iOGFjYTFjN2I5YTEiLCJhdXRoZW50aWNhdGlvblR5cGUiOiJQQVNTV09SRCIsImVtYWlsIjoiZGhhdmFsYmhvb3Q5M0BnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiZGhhdmFsYmhvb3QifQ.eA0Xi6nEZhWaTMd-P26ESdE3NsyXNRNVBKBdBvHxvzfHgXYJiN2pf-16mY8JK-4-1g3vZF7Cwv-SkP4iZAIJCYYc3uBW8Qlcjjn9cyi7_RggBBBsErcs2acRIt-D5NpnVJfkxHwGAs9fO6a2Win98GGYyv1nzBG9OhWkyZJTy4QxzlgXNrkQIzTuzRwLkRFzKCT95pqfsOYb_MXPuAksg5q1SHIj8qtbO7EO-vMbpmiok1C-Wflbiq2X_tq17QBKbO4JAMLm9_pCZse1tqLyNP4fIh3VHTz7OdbbXvug2Tpk_yTWLVL_29XC87-91R5iXeezLjADkdi1yXMUdHioOw",
  "expires_in": 119,
  "token_type": "Bearer",
  "userId": "7ea79daf-af11-4515-89ca-b8aca1c7b9a1"
}

Here, I do not get the refresh_token in any case, whether it is the user's first login or any other case. This is a JWT token and I had reduced the expiry time to 120 seconds.

In the application OAuth setup I have enabled the Generate refresh tokens option.

The only problem here I have is, I do not receive the refresh token. Help me with this.

Thank you.

Dhaval Bhoot

1 Answer

To obtain a Refresh Token as a result of the Authorization Code Grant, you'll need to request the offline_access scope.

https://fusionauth.io/docs/v1/tech/oauth/endpoints#authorization-code-grant-request

You can modify your request as follows (line breaks added for readability)

http://localhost:9011/oauth2/authorize?
scope=offline_access
&prompt=consent
&response_type=code
&client_id=9ecc54b7-6f79-4105-a208-ca61e6157b58
&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fipos%2Frest%2FfusionAuth%2FcallBack

As a side note, adding prompt=consent is fine, but it will not affect the request as this is not yet available in FusionAuth. Please upvote the feature request if this is something you'd like to see in an upcoming release. https://github.com/FusionAuth/fusionauth-issues/issues/411

robotdan
  • @robottdan Thank you for your reply. I was passing "access_type=offline", which is wrong; the right one is "scope=offline_access". Making this change returns a refresh token in the response. – Dhaval Bhoot Dec 31 '19 at 09:13
  • Can anyone help me with the small question below? How can I increase the lifetime of the authorization code? – Dhaval Bhoot Dec 31 '19 at 09:15
  • @dhaval-bhoot To modify the TTL (time to live) of the JWT or Refresh Token, use the Tenant or Application JWT configuration settings. Settings --> Tenants --> JWT (global default setting for the tenant), or Applications --> JWT (for the application specific settings within the tenant). – robotdan Dec 31 '19 at 16:25
  • Thanks for the reply @robotdan. I checked and see that the given settings are for the TTL of the access token or refresh token. But I am looking for the authorization code in the case of the authorization grant type in the user authorization process. – Dhaval Bhoot Jan 01 '20 at 07:22
  • You'll find the TTL for the Authorization Code in the Advanced tab of the Tenant Settings. https://fusionauth.io/docs/v1/tech/users/tenants#advanced – robotdan Jan 01 '20 at 23:03
  • Updated link for previous comment. https://fusionauth.io/docs/v1/tech/core-concepts/tenants – robotdan Jun 10 '20 at 12:22
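
The answer's fix applied to the ScribeJava client from the question, as an added example that is not part of the original thread or of either project's own code. It assumes ScribeJava 8.x, FusionAuth's `/oauth2/token` endpoint on the same local host, a hypothetical `FusionAuthApi` class, a placeholder client secret, and a `state` value that the question's URL did not carry.

```java
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.builder.api.DefaultApi20;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.oauth.OAuth20Service;
import java.security.SecureRandom;
import java.util.Base64;

public class FusionAuthRefreshExample {
    // Hypothetical API class describing this page's local FusionAuth endpoints.
    static final class FusionAuthApi extends DefaultApi20 {
        @Override public String getAccessTokenEndpoint() { return "http://localhost:9011/oauth2/token"; }
        @Override protected String getAuthorizationBaseUrl() { return "http://localhost:9011/oauth2/authorize"; }
    }

    static OAuth20Service buildService(String clientSecret) {
        return new ServiceBuilder("9ecc54b7-6f79-4105-a208-ca61e6157b58")
                .apiSecret(clientSecret)
                .callback("http://localhost:8080/ipos/rest/fusionAuth/callBack")
                .defaultScope("offline_access") // replaces access_type=offline from the question
                .build(new FusionAuthApi());
    }

    // Random per-login value (assumption: stored in the session, compared in the callback).
    static String newState() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    static OAuth2AccessToken exchange(OAuth20Service service, String code) throws Exception {
        OAuth2AccessToken token = service.getAccessToken(code);
        if (token.getRefreshToken() == null) {
            throw new IllegalStateException("no refresh_token: check scope and 'Generate refresh tokens'");
        }
        return token;
    }

    // Trades the stored refresh token for a new access token once the short-lived JWT expires.
    static OAuth2AccessToken renew(OAuth20Service service, String refreshToken) throws Exception {
        return service.refreshAccessToken(refreshToken);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder secret; prints the authorization URL to open in the browser.
        try (OAuth20Service service = buildService("CLIENT_SECRET_PLACEHOLDER")) {
            System.out.println(service.getAuthorizationUrl(newState()));
        }
    }
}
```

`exchange` is meant to be called from the Jersey callback resource with the `code` query parameter; keep the returned refresh token server-side, since it outlives the 120-second access token.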